APIBinding
APIBinding CRD schema reference (group apis.kcp.io)
Version v1alpha1
Properties
.apiVersion
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
.kind
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
.metadata
.spec
Spec holds the desired state.
.spec.permissionClaims
permissionClaims records decisions about permission claims requested by the API service provider. Individual claims can be accepted or rejected. If accepted, the API service provider gets the requested access to the specified resources in this workspace. Access is granted per GroupResource, identity, and other properties.
.spec.permissionClaims[*]
AcceptablePermissionClaim is a PermissionClaim that records if the user accepts or rejects it.
.spec.permissionClaims[*].all
all claims all resources for the given group/resource. This is mutually exclusive with resourceSelector.
.spec.permissionClaims[*].group
group is the name of an API group. For core groups this is the empty string ‘“”’.
.spec.permissionClaims[*].identityHash
This is the identity for a given APIExport that the APIResourceSchema belongs to. The hash can be found on APIExport and APIResourceSchema’s status. It will be empty for core types. Note that one must look this up for a particular KCP instance.
.spec.permissionClaims[*].resource
resource is the name of the resource. Note: it is worth noting that you can not ask for permissions for resource provided by a CRD not provided by an api export.
.spec.permissionClaims[*].resourceSelector
resourceSelector is a list of claimed resource selectors.
.spec.permissionClaims[*].resourceSelector[*]
.spec.permissionClaims[*].resourceSelector[*].name
name of an object within a claimed group/resource. It matches the metadata.name field of the underlying object. If namespace is unset, all objects matching that name will be claimed.
.spec.permissionClaims[*].resourceSelector[*].namespace
namespace containing the named object. Matches metadata.namespace field. If “name” is unset, all objects from the namespace are being claimed.
.spec.permissionClaims[*].state
.spec.reference
reference uniquely identifies an API to bind to.
.spec.reference.export
export is a reference to an APIExport by cluster name and export name.
The creator of the APIBinding needs to have access to the APIExport with the
verb bind in order to bind to it.
.spec.reference.export.name
name is the name of the APIExport that describes the API.
.spec.reference.export.path
path is a logical cluster path where the APIExport is defined. If the path is unset, the logical cluster of the APIBinding is used.
.status
Status communicates the observed state.
.status.apiExportClusterName
APIExportClusterName records the name (not path) of the logical cluster that contains the APIExport.
.status.appliedPermissionClaims
appliedPermissionClaims is a list of the permission claims the system has seen and applied, according to the requests of the API service provider in the APIExport and the acceptance state in spec.permissionClaims.
.status.appliedPermissionClaims[*]
PermissionClaim identifies an object by GR and identity hash. Its purpose is to determine the added permissions that a service provider may request and that a consumer may accept and allow the service provider access to.
.status.appliedPermissionClaims[*].all
all claims all resources for the given group/resource. This is mutually exclusive with resourceSelector.
.status.appliedPermissionClaims[*].group
group is the name of an API group. For core groups this is the empty string ‘“”’.
.status.appliedPermissionClaims[*].identityHash
This is the identity for a given APIExport that the APIResourceSchema belongs to. The hash can be found on APIExport and APIResourceSchema’s status. It will be empty for core types. Note that one must look this up for a particular KCP instance.
.status.appliedPermissionClaims[*].resource
resource is the name of the resource. Note: it is worth noting that you can not ask for permissions for resource provided by a CRD not provided by an api export.
.status.appliedPermissionClaims[*].resourceSelector
resourceSelector is a list of claimed resource selectors.
.status.appliedPermissionClaims[*].resourceSelector[*]
.status.appliedPermissionClaims[*].resourceSelector[*].name
name of an object within a claimed group/resource. It matches the metadata.name field of the underlying object. If namespace is unset, all objects matching that name will be claimed.
.status.appliedPermissionClaims[*].resourceSelector[*].namespace
namespace containing the named object. Matches metadata.namespace field. If “name” is unset, all objects from the namespace are being claimed.
.status.boundResources
boundResources records the state of bound APIs.
.status.boundResources[*]
BoundAPIResource describes a bound GroupVersionResource through an APIResourceSchema of an APIExport..
.status.boundResources[*].group
group is the group of the bound API. Empty string for the core API group.
.status.boundResources[*].resource
resource is the resource of the bound API.
kubebuilder:validation:MinLength=1
.status.boundResources[*].schema
Schema references the APIResourceSchema that is bound to this API.
.status.boundResources[*].schema.UID
UID is the UID of the APIResourceSchema that is bound to this API.
.status.boundResources[*].schema.identityHash
identityHash is the hash of the API identity that this schema is bound to. The API identity determines the etcd prefix used to persist the object. Different identity means that the objects are effectively served and stored under a distinct resource. A CRD of the same GroupVersionResource uses a different identity and hence a separate etcd prefix.
.status.boundResources[*].schema.name
name is the bound APIResourceSchema name.
.status.boundResources[*].storageVersions
storageVersions lists all versions of a resource that were ever persisted. Tracking these versions allows a migration path for stored versions in etcd. The field is mutable so a migration controller can finish a migration to another version (ensuring no old objects are left in storage), and then remove the rest of the versions from this list.
Versions may not be removed while they exist in this list.
.status.boundResources[*].storageVersions[*]
.status.conditions
conditions is a list of conditions that apply to the APIBinding.
.status.conditions[*]
Condition defines an observation of a object operational state.
.status.conditions[*].lastTransitionTime
Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
.status.conditions[*].message
A human readable message indicating details about the transition. This field may be empty.
.status.conditions[*].reason
The reason for the condition’s last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.
.status.conditions[*].severity
Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.
.status.conditions[*].status
Status of the condition, one of True, False, Unknown.
.status.conditions[*].type
Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.
.status.exportPermissionClaims
exportPermissionClaims records the permissions that the export provider is asking for the binding to grant.
.status.exportPermissionClaims[*]
PermissionClaim identifies an object by GR and identity hash. Its purpose is to determine the added permissions that a service provider may request and that a consumer may accept and allow the service provider access to.
.status.exportPermissionClaims[*].all
all claims all resources for the given group/resource. This is mutually exclusive with resourceSelector.
.status.exportPermissionClaims[*].group
group is the name of an API group. For core groups this is the empty string ‘“”’.
.status.exportPermissionClaims[*].identityHash
This is the identity for a given APIExport that the APIResourceSchema belongs to. The hash can be found on APIExport and APIResourceSchema’s status. It will be empty for core types. Note that one must look this up for a particular KCP instance.
.status.exportPermissionClaims[*].resource
resource is the name of the resource. Note: it is worth noting that you can not ask for permissions for resource provided by a CRD not provided by an api export.
.status.exportPermissionClaims[*].resourceSelector
resourceSelector is a list of claimed resource selectors.
.status.exportPermissionClaims[*].resourceSelector[*]
.status.exportPermissionClaims[*].resourceSelector[*].name
name of an object within a claimed group/resource. It matches the metadata.name field of the underlying object. If namespace is unset, all objects matching that name will be claimed.
.status.exportPermissionClaims[*].resourceSelector[*].namespace
namespace containing the named object. Matches metadata.namespace field. If “name” is unset, all objects from the namespace are being claimed.
.status.phase
phase is the current phase of the APIBinding: - “”: the APIBinding has just been created, waiting to be bound. - Binding: the APIBinding is being bound. - Bound: the APIBinding is bound and the referenced APIs are available in the workspace.