PublishedResource

PublishedResource CRD schema reference (group syncagent.kcp.io)

PublishedResource describes how an API type (usually defined by a CRD) on the service cluster should be exposed in kcp workspaces. Besides controlling how namespaced and cluster-wide resources should be mapped, the GVK can also be transformed to provide a uniform, implementation-independent access to the APIs inside kcp.

Full name:: publishedresources.syncagent.kcp.io
Group:: syncagent.kcp.io
Singular name:: publishedresource
Plural name:: publishedresources
Scope:: Cluster
Versions:: v1alpha1

Version v1alpha1

Properties

.apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

.kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

.metadata

object

.spec

object Required

PublishedResourceSpec describes the desired resource publication from a service cluster to kcp.

.spec.enableWorkspacePaths

boolean

EnableWorkspacePaths toggles whether the Sync Agent will not just store the kcp cluster name as a label on each locally synced object, but also the full workspace path. This is optional because it requires additional requests to kcp and should only be used if the workspace path is of interest on the service cluster side.

.spec.filter

object

If specified, the filter will be applied to the resources in a workspace and allow restricting which of them will be handled by the Sync Agent.

.spec.filter.namespace

object

When given, the namespace filter will be applied to a resource’s namespace.

.spec.filter.namespace.matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

.spec.filter.namespace.matchExpressions[*]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

.spec.filter.namespace.matchExpressions[*].key

string Required

key is the label key that the selector applies to.

.spec.filter.namespace.matchExpressions[*].operator

string Required

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

.spec.filter.namespace.matchExpressions[*].values

array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

.spec.filter.namespace.matchExpressions[].values[]

string

.spec.filter.namespace.matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is “key”, the operator is “In”, and the values array contains only “value”. The requirements are ANDed.

.spec.filter.resource

object

When given, the resource filter will be applied to a resource itself.

.spec.filter.resource.matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

.spec.filter.resource.matchExpressions[*]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

.spec.filter.resource.matchExpressions[*].key

string Required

key is the label key that the selector applies to.

.spec.filter.resource.matchExpressions[*].operator

string Required

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

.spec.filter.resource.matchExpressions[*].values

array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

.spec.filter.resource.matchExpressions[].values[]

string

.spec.filter.resource.matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is “key”, the operator is “In”, and the values array contains only “value”. The requirements are ANDed.

.spec.mutation

object

Mutation allows to configure “rewrite rules” to modify the objects in both directions during the synchronization.

.spec.mutation.spec

array

.spec.mutation.spec[*]

object

.spec.mutation.spec[*].cel

object

.spec.mutation.spec[*].cel.expression

string Required

.spec.mutation.spec[*].cel.path

string Required

.spec.mutation.spec[*].delete

object

.spec.mutation.spec[*].delete.path

string Required

.spec.mutation.spec[*].regex

object

.spec.mutation.spec[*].regex.path

string Required

.spec.mutation.spec[*].regex.pattern

string

Pattern can be left empty to simply replace the entire value with the replacement.

.spec.mutation.spec[*].regex.replacement

string

.spec.mutation.spec[*].template

object

.spec.mutation.spec[*].template.path

string Required

.spec.mutation.spec[*].template.template

string Required

.spec.mutation.status

array

.spec.mutation.status[*]

object

.spec.mutation.status[*].cel

object

.spec.mutation.status[*].cel.expression

string Required

.spec.mutation.status[*].cel.path

string Required

.spec.mutation.status[*].delete

object

.spec.mutation.status[*].delete.path

string Required

.spec.mutation.status[*].regex

object

.spec.mutation.status[*].regex.path

string Required

.spec.mutation.status[*].regex.pattern

string

Pattern can be left empty to simply replace the entire value with the replacement.

.spec.mutation.status[*].regex.replacement

string

.spec.mutation.status[*].template

object

.spec.mutation.status[*].template.path

string Required

.spec.mutation.status[*].template.template

string Required

.spec.naming

object

Naming can be used to control how the namespace and names for local objects are formed. If not specified, the Sync Agent will use defensive defaults to prevent naming collisions in the service cluster. When configuring this, great care must be taken to not allow for naming collisions to happen; keep in mind that the same name/namespace can exists in many different kcp workspaces.

.spec.naming.name

string

The name field allows to control the name the local objects created by the Sync Agent. If left empty, the default value is:

”{{ .Object.metadata.namespace | sha3short }}-{{ .Object.metadata.name | sha3short }}”

This guarantees unique names as long as the cluster name is used for the local namespace (the default unless configured otherwise).

This value is a Go template, see the documentation for the available variables and functions.

Alternatively (but deprecated), this value can be a simple string using one of the following placeholders:

$remoteClusterName – the kcp workspace’s cluster name (e.g. “1084s8ceexsehjm2”)
$remoteNamespace – the original namespace used by the consumer inside the kcp workspace (if targetNamespace is left empty, it’s equivalent to setting “$remote_ns”)
$remoteNamespaceHash – first 20 hex characters of the SHA-1 hash of $remoteNamespace
$remoteName – the original name of the object inside the kcp workspace (rarely used to construct local namespace names)
$remoteNameHash – first 20 hex characters of the SHA-1 hash of $remoteName

Authors are advised to use Go templates instead, as the custom variable syntax is deprecated and will be removed from a future release of the Sync Agent.

.spec.naming.namespace

string

For namespaced resources, the this field allows to control where the local objects will be created. If left empty, “{{ .ClusterName }}” is assumed.

This value is a Go template, see the documentation for the available variables and functions.

Alternatively (but deprecated), this value can be a simple string using one of the following placeholders:

$remoteClusterName – the kcp workspace’s cluster name (e.g. “1084s8ceexsehjm2”)
$remoteNamespace – the original namespace used by the consumer inside the kcp workspace (if targetNamespace is left empty, it’s equivalent to setting “$remote_ns”)
$remoteNamespaceHash – first 20 hex characters of the SHA-1 hash of $remoteNamespace
$remoteName – the original name of the object inside the kcp workspace (rarely used to construct local namespace names)
$remoteNameHash – first 20 hex characters of the SHA-1 hash of $remoteName

Authors are advised to use Go templates instead, as the custom variable syntax is deprecated and will be removed from a future release of the Sync Agent.

.spec.projection

object

Projection is used to change the GVK of a published resource within kcp. This can be used to hide implementation details and provide a customized API experience to the user. All fields in the projection are optional. If a field is set, it will overwrite that field in the GVK. The namespaced field can be set to turn a cluster-wide resource namespaced or vice-versa.

.spec.projection.categories

array

Categories can be used to overwrite the original categories a resource was in. Set this to an empty list to remove all categories.

.spec.projection.categories[*]

string

.spec.projection.group

string

The API group, for example “myservice.example.com”. Leave empty to not modify the API group.

.spec.projection.kind

string

The resource Kind, for example “Database”. Setting this field will also overwrite the singular name by lowercasing the resource kind. In addition, if this is set, the plural name will also be updated by taking the lowercased kind name and appending an “s”. If this would yield an undesirable name, use the plural field to explicitly give the plural name.

.spec.projection.plural

string

When overwriting the Kind, it can be necessary to also override the plural name in case of more complex pluralization rules.

.spec.projection.scope

string

Whether or not the resource is namespaced.

.spec.projection.shortNames

array

ShortNames can be used to overwrite the original short names for a resource, usually when the Kind is remapped, new short names are also in order. Set this to an empty list to remove all short names.

.spec.projection.shortNames[*]

string

.spec.projection.version

string

The API version, for example “v1beta1”. Leave empty to not modify the version.

This field must not be set when multiple versions have been selected.

Deprecated: Use .versions instead.

.spec.projection.versions

object

Versions allows to map API versions onto new values in kcp. Leave empty to not modify the versions.

array

Related configures additional resources that semantically belong to the synced resource, like a Secret containing generated credentials. Related objects are synced along the main resource.

object

RelatedResourceSpec describes a single related resource, which might point to any number of actual Kubernetes objects.

(in the following rule, group is optional becaue core/v1 is represented by group=“”) group is included here because when an identityHash is used, core/v1 cannot possible be targetted

string

Group is the API group of the related resource. This should be left blank for resources in the core API group.

string Required

Identifier is a unique name for this related resource. The name must be unique within one PublishedResource and is the key by which consumers (end users) can identify and consume the related resource. Common names are “connection-details” or “credentials”. The identifier must be an alphanumeric string.

string

IdentityHash is the identity hash of a kcp APIExport, in case the given Kind is provided by an APIExport and not Kube-native.

string

Kind is the object kind of the related resource (for example “Secret”).

Deprecated: Use “Resource” instead. This field is limited to “ConfigMap” and “Secret” and will be removed in the future. Kind and Resource cannot be specified at the same time.

object

Mutation configures optional transformation rules for the related resource. Status mutations are only performed when the related resource originates in kcp.

array

object

string Required

object

string Required

object

string Required

string

Pattern can be left empty to simply replace the entire value with the replacement.

string

object

string Required

array

object

string Required

object

string Required

object

string Required

string

Pattern can be left empty to simply replace the entire value with the replacement.

string

object

string Required

object Required

Object describes how the related resource can be found on the origin side and where it is to supposed to be created on the destination side.

object

Namespace configures in what namespace the related object resides in. If not specified, the same namespace as the main object is assumed. If the main object is cluster-scoped, this field is required and an error will be raised during syncing if the field is not specified.

object

Reference points to a field inside the main object. This reference is evaluated on both source and destination sides to find the related object.

string Required

Path is a simplified JSONPath expression like “metadata.name”. A reference must always select at least something in the object, even if the value is discarded by the regular expression.

object

Regex is a Go regular expression that is optionally applied to the selected value from the path.

string

Pattern can be left empty to simply replace the entire value with the replacement.

string

Replacement is the string that the matched pattern is replaced with. It can contain references to groups in the pattern by using \N.

object

Selector is a label selector that is useful if no reference is in the main resource (i.e. if the related object links back to its parent, instead of the parent pointing to the related object).

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

string Required

key is the label key that the selector applies to.

string Required

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

string

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is “key”, the operator is “In”, and the values array contains only “value”. The requirements are ANDed.

object Required

object

Regex is a Go regular expression that is optionally applied to the selected value from the path.

string

Pattern can be left empty to simply replace the entire value with the replacement.

string

Replacement is the string that the matched pattern is replaced with. It can contain references to groups in the pattern by using \N.

object

TemplateExpression is a Go templated string that can make use of variables to construct the resulting string.

string

object

Template is a Go templated string that can make use of variables to construct the resulting string.

string

object

Reference points to a field inside the main object. This reference is evaluated on both source and destination sides to find the related object.

string Required

Path is a simplified JSONPath expression like “metadata.name”. A reference must always select at least something in the object, even if the value is discarded by the regular expression.

object

Regex is a Go regular expression that is optionally applied to the selected value from the path.

string

Pattern can be left empty to simply replace the entire value with the replacement.

string

Replacement is the string that the matched pattern is replaced with. It can contain references to groups in the pattern by using \N.

object

Selector is a label selector that is useful if no reference is in the main resource (i.e. if the related object links back to its parent, instead of the parent pointing to the related object).

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

string Required

key is the label key that the selector applies to.

string Required

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

string

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is “key”, the operator is “In”, and the values array contains only “value”. The requirements are ANDed.

object Required

object

Regex is a Go regular expression that is optionally applied to the selected value from the path.

string

Pattern can be left empty to simply replace the entire value with the replacement.

string

Replacement is the string that the matched pattern is replaced with. It can contain references to groups in the pattern by using \N.

object

TemplateExpression is a Go templated string that can make use of variables to construct the resulting string.

string

object

Template is a Go templated string that can make use of variables to construct the resulting string.

string

string Required

object

Projection is used to change the GVK of a related resource on the opposite side of its origin. All fields in the projection are optional. If a field is set, it will overwrite that field in the GVK.

string

The API group, for example “myservice.example.com”. Leave empty to not modify the API group.

string

The resource name, for example “databases”. Leave empty to not modify the resource.

string

The API version, for example “v1beta1”. Leave empty to not modify the version.

string

Resource is the name of the related resource (for example “secrets”).

string

Version is the API version of the related resource. This can be left blank to automatically use the preferred version.

.spec.resource

object Required

Describes the “source” Resource that exists on this, the service cluster, that should be exposed in kcp workspaces. All fields have to be specified.

.spec.resource.apiGroup

string Required

The API group of a resource, for example “storage.initroid.com”.

.spec.resource.kind

string Required

The resource Kind, for example “Database”.

.spec.resource.version

string

The API version, for example “v1beta1”. Setting this field will only publish the given version, otherwise all versions for the group/kind will be published.

Deprecated: Use .versions instead.

.spec.resource.versions

array

Versions allows to select a subset of versions to publish. Leave empty to publish all available versions.

.spec.resource.versions[*]

string

.spec.synchronization

object

Synchronization allows to configure how the syncagent processes this resource.

.spec.synchronization.enabled

boolean Required

Enabled can be used to toggle the synchronization as a whole. When set to false, the syncagent will only copy the CRD and include it in the APIExport, but not will attempt to synchronize objects of this resource from the kcp workspaces to the provider. Synchronization must be disabled for resources that are used as related resources for other PublishedResources. Otherwise the syncagent would potentially loop and never finish processing an object.

.status

object

Status contains reconciliation information for the published resource.

.status.resourceSchemaName

string

PublishedResource