--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.0 name: works.placement.kubernetes-fleet.io spec: group: placement.kubernetes-fleet.io names: categories: - fleet - fleet-placement kind: Work listKind: WorkList plural: works singular: work scope: Namespaced versions: - name: v1 schema: openAPIV3Schema: description: Work is the Schema for the works API. properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: spec defines the workload of a work. properties: applyStrategy: description: |- ApplyStrategy describes how to resolve the conflict if the resource to be placed already exists in the target cluster and is owned by other appliers. This field is a beta-level feature. properties: allowCoOwnership: description: |- AllowCoOwnership defines whether to apply the resource if it already exists in the target cluster and is not solely owned by fleet (i.e., metadata.ownerReferences contains only fleet custom resources). If true, apply the resource and add fleet as a co-owner. If false, leave the resource unchanged and fail the apply. type: boolean serverSideApplyConfig: description: ServerSideApplyConfig defines the configuration for server side apply. It is honored only when type is ServerSideApply. properties: force: description: |- Force represents to force apply to succeed when resolving the conflicts For any conflicting fields, - If true, use the values from the resource to be applied to overwrite the values of the existing resource in the target cluster, as well as take over ownership of such fields. - If false, apply will fail with the reason ApplyConflictWithOtherApplier. For non-conflicting fields, values stay unchanged and ownership are shared between appliers. type: boolean type: object type: default: ClientSideApply description: |- Type defines the type of strategy to use. Default to ClientSideApply. Server-side apply is a safer choice. Read more about the differences between server-side apply and client-side apply: https://kubernetes.io/docs/reference/using-api/server-side-apply/#comparison-with-client-side-apply. enum: - ClientSideApply - ServerSideApply type: string type: object workload: description: Workload represents the manifest workload to be deployed on spoke cluster properties: manifests: description: Manifests represents a list of kubernetes resources to be deployed on the spoke cluster. items: description: Manifest represents a resource to be deployed on spoke cluster. type: object x-kubernetes-embedded-resource: true x-kubernetes-preserve-unknown-fields: true type: array type: object type: object status: description: status defines the status of each applied manifest on the spoke cluster. properties: conditions: description: |- Conditions contains the different condition statuses for this work. Valid condition types are: 1. Applied represents workload in Work is applied successfully on the spoke cluster. 2. Progressing represents workload in Work in the transitioning from one state to another the on the spoke cluster. 3. Available represents workload in Work exists on the spoke cluster. 4. Degraded represents the current state of workload does not match the desired state for a certain period. items: description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: description: |- observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: description: |- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime - message - reason - status - type type: object type: array manifestConditions: description: |- ManifestConditions represents the conditions of each resource in work deployed on spoke cluster. items: description: |- ManifestCondition represents the conditions of the resources deployed on spoke cluster. properties: conditions: description: Conditions represents the conditions of this resource on spoke cluster items: description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: description: |- observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: description: |- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime - message - reason - status - type type: object type: array identifier: description: resourceId represents a identity of a resource linking to manifests in spec. properties: group: description: Group is the group of the resource. type: string kind: description: Kind is the kind of the resource. type: string name: description: Name is the name of the resource type: string namespace: description: |- Namespace is the namespace of the resource, the resource is cluster scoped if the value is empty type: string ordinal: description: |- Ordinal represents an index in manifests list, so the condition can still be linked to a manifest even though manifest cannot be parsed successfully. type: integer resource: description: Resource is the resource type of the resource type: string version: description: Version is the version of the resource. type: string required: - ordinal type: object required: - conditions - identifier type: object type: array required: - conditions type: object type: object served: true storage: false subresources: status: {} - name: v1beta1 schema: openAPIV3Schema: description: Work is the Schema for the works API. properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: spec defines the workload of a work. properties: applyStrategy: description: |- ApplyStrategy describes how to resolve the conflict if the resource to be placed already exists in the target cluster and is owned by other appliers. properties: allowCoOwnership: description: |- AllowCoOwnership controls whether co-ownership between Fleet and other agents are allowed on a Fleet-managed resource. If set to false, Fleet will refuse to apply manifests to a resource that has been owned by one or more non-Fleet agents. Note that Fleet does not support the case where one resource is being placed multiple times by different CRPs on the same member cluster. An apply error will be returned if Fleet finds that a resource has been owned by another placement attempt by Fleet, even with the AllowCoOwnership setting set to true. type: boolean comparisonOption: default: PartialComparison description: |- ComparisonOption controls how Fleet compares the desired state of a resource, as kept in a hub cluster manifest, with the current state of the resource (if applicable) in the member cluster. Available options are: * PartialComparison: with this option, Fleet will compare only fields that are managed by Fleet, i.e., the fields that are specified explicitly in the hub cluster manifest. Unmanaged fields are ignored. This is the default option. * FullComparison: with this option, Fleet will compare all fields of the resource, even if the fields are absent from the hub cluster manifest. Consider using the PartialComparison option if you would like to: * use the default values for certain fields; or * let another agent, e.g., HPAs, VPAs, etc., on the member cluster side manage some fields; or * allow ad-hoc or cluster-specific settings on the member cluster side. To use the FullComparison option, it is recommended that you: * specify all fields as appropriate in the hub cluster, even if you are OK with using default values; * make sure that no fields are managed by agents other than Fleet on the member cluster side, such as HPAs, VPAs, or other controllers. See the Fleet documentation for further explanations and usage examples. enum: - PartialComparison - FullComparison type: string serverSideApplyConfig: description: ServerSideApplyConfig defines the configuration for server side apply. It is honored only when type is ServerSideApply. properties: force: description: |- Force represents to force apply to succeed when resolving the conflicts For any conflicting fields, - If true, use the values from the resource to be applied to overwrite the values of the existing resource in the target cluster, as well as take over ownership of such fields. - If false, apply will fail with the reason ApplyConflictWithOtherApplier. For non-conflicting fields, values stay unchanged and ownership are shared between appliers. type: boolean type: object type: default: ClientSideApply description: |- Type is the apply strategy to use; it determines how Fleet applies manifests from the hub cluster to a member cluster. Available options are: * ClientSideApply: Fleet uses three-way merge to apply manifests, similar to how kubectl performs a client-side apply. This is the default option. Note that this strategy requires that Fleet keep the last applied configuration in the annotation of an applied resource. If the object gets so large that apply ops can no longer be executed, Fleet will switch to server-side apply. Use ComparisonOption and WhenToApply settings to control when an apply op can be executed. * ServerSideApply: Fleet uses server-side apply to apply manifests; Fleet itself will become the field manager for specified fields in the manifests. Specify ServerSideApplyConfig as appropriate if you would like Fleet to take over field ownership upon conflicts. This is the recommended option for most scenarios; it might help reduce object size and safely resolve conflicts between field values. For more information, please refer to the Kubernetes documentation (https://kubernetes.io/docs/reference/using-api/server-side-apply/#comparison-with-client-side-apply). Use ComparisonOption and WhenToApply settings to control when an apply op can be executed. * ReportDiff: Fleet will compare the desired state of a resource as kept in the hub cluster with its current state (if applicable) on the member cluster side, and report any differences. No actual apply ops would be executed, and resources will be left alone as they are on the member clusters. If configuration differences are found on a resource, Fleet will consider this as an apply error, which might block rollout depending on the specified rollout strategy. Use ComparisonOption setting to control how the difference is calculated. ClientSideApply and ServerSideApply apply strategies only work when Fleet can assume ownership of a resource (e.g., the resource is created by Fleet, or Fleet has taken over the resource). See the comments on the WhenToTakeOver field for more information. ReportDiff apply strategy, however, will function regardless of Fleet's ownership status. One may set up a CRP with the ReportDiff strategy and the Never takeover option, and this will turn Fleet into a detection tool that reports only configuration differences but do not touch any resources on the member cluster side. For a comparison between the different strategies and usage examples, refer to the Fleet documentation. enum: - ClientSideApply - ServerSideApply - ReportDiff type: string whenToApply: default: Always description: |- WhenToApply controls when Fleet would apply the manifests on the hub cluster to the member clusters. Available options are: * Always: with this option, Fleet will periodically apply hub cluster manifests on the member cluster side; this will effectively overwrite any change in the fields managed by Fleet (i.e., specified in the hub cluster manifest). This is the default option. Note that this option would revert any ad-hoc changes made on the member cluster side in the managed fields; if you would like to make temporary edits on the member cluster side in the managed fields, switch to IfNotDrifted option. Note that changes in unmanaged fields will be left alone; if you use the FullDiff compare option, such changes will be reported as drifts. * IfNotDrifted: with this option, Fleet will stop applying hub cluster manifests on clusters that have drifted from the desired state; apply ops would still continue on the rest of the clusters. Drifts are calculated using the ComparisonOption, as explained in the corresponding field. Use this option if you would like Fleet to detect drifts in your multi-cluster setup. A drift occurs when an agent makes an ad-hoc change on the member cluster side that makes affected resources deviate from its desired state as kept in the hub cluster; and this option grants you an opportunity to view the drift details and take actions accordingly. The drift details will be reported in the CRP status. To fix a drift, you may: * revert the changes manually on the member cluster side * update the hub cluster manifest; this will trigger Fleet to apply the latest revision of the manifests, which will overwrite the drifted fields (if they are managed by Fleet) * switch to the Always option; this will trigger Fleet to apply the current revision of the manifests, which will overwrite the drifted fields (if they are managed by Fleet). * if applicable and necessary, delete the drifted resources on the member cluster side; Fleet will attempt to re-create them using the hub cluster manifests enum: - Always - IfNotDrifted type: string whenToTakeOver: default: Always description: |- WhenToTakeOver determines the action to take when Fleet applies resources to a member cluster for the first time and finds out that the resource already exists in the cluster. This setting is most relevant in cases where you would like Fleet to manage pre-existing resources on a member cluster. Available options include: * Always: with this action, Fleet will apply the hub cluster manifests to the member clusters even if the affected resources already exist. This is the default action. Note that this might lead to fields being overwritten on the member clusters, if they are specified in the hub cluster manifests. * IfNoDiff: with this action, Fleet will apply the hub cluster manifests to the member clusters if (and only if) pre-existing resources look the same as the hub cluster manifests. This is a safer option as pre-existing resources that are inconsistent with the hub cluster manifests will not be overwritten; Fleet will ignore them until the inconsistencies are resolved properly: any change you make to the hub cluster manifests would not be applied, and if you delete the manifests or even the ClusterResourcePlacement itself from the hub cluster, these pre-existing resources would not be taken away. Fleet will check for inconsistencies in accordance with the ComparisonOption setting. See also the comments on the ComparisonOption field for more information. If a diff has been found in a field that is **managed** by Fleet (i.e., the field **is specified ** in the hub cluster manifest), consider one of the following actions: * set the field in the member cluster to be of the same value as that in the hub cluster manifest. * update the hub cluster manifest so that its field value matches with that in the member cluster. * switch to the Always action, which will allow Fleet to overwrite the field with the value in the hub cluster manifest. If a diff has been found in a field that is **not managed** by Fleet (i.e., the field **is not specified** in the hub cluster manifest), consider one of the following actions: * remove the field from the member cluster. * update the hub cluster manifest so that the field is included in the hub cluster manifest. If appropriate, you may also delete the object from the member cluster; Fleet will recreate it using the hub cluster manifest. * Never: with this action, Fleet will not apply a hub cluster manifest to the member clusters if there is a corresponding pre-existing resource. However, if a manifest has never been applied yet; or it has a corresponding resource which Fleet has assumed ownership, apply op will still be executed. This is the safest option; one will have to remove the pre-existing resources (so that Fleet can re-create them) or switch to a different WhenToTakeOver option before Fleet starts processing the corresponding hub cluster manifests. If you prefer Fleet stop processing all manifests, use this option along with the ReportDiff apply strategy type. This setup would instruct Fleet to touch nothing on the member cluster side but still report configuration differences between the hub cluster and member clusters. Fleet will not give up ownership that it has already assumed though. enum: - Always - IfNoDiff - Never type: string type: object workload: description: Workload represents the manifest workload to be deployed on spoke cluster properties: manifests: description: Manifests represents a list of kubernetes resources to be deployed on the spoke cluster. items: description: Manifest represents a resource to be deployed on spoke cluster. type: object x-kubernetes-embedded-resource: true x-kubernetes-preserve-unknown-fields: true type: array type: object type: object status: description: status defines the status of each applied manifest on the spoke cluster. properties: conditions: description: |- Conditions contains the different condition statuses for this work. Valid condition types are: 1. Applied represents workload in Work is applied successfully on the spoke cluster. 2. Progressing represents workload in Work in the transitioning from one state to another the on the spoke cluster. 3. Available represents workload in Work exists on the spoke cluster. 4. Degraded represents the current state of workload does not match the desired state for a certain period. items: description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: description: |- observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: description: |- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime - message - reason - status - type type: object type: array manifestConditions: description: |- ManifestConditions represents the conditions of each resource in work deployed on spoke cluster. items: description: |- ManifestCondition represents the conditions of the resources deployed on spoke cluster. properties: conditions: description: Conditions represents the conditions of this resource on spoke cluster items: description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: description: |- observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: description: |- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime - message - reason - status - type type: object type: array diffDetails: description: |- DiffDetails explains the details about the observed configuration differences. Fleet might truncate the details as appropriate to control object size. Note that configuration differences can only occur on a resource if it is not currently owned by Fleet (i.e., it is a pre-existing resource that needs to be taken over), or if its corresponding placement is set to use the ReportDiff apply strategy. In other words, DiffDetails and DriftDetails will not be populated at the same time. properties: firstDiffedObservedTime: description: |- FirsftDiffedObservedTime is the timestamp when the configuration difference was first detected. format: date-time type: string observationTime: description: ObservationTime is the timestamp when the configuration difference was last detected. format: date-time type: string observedDiffs: description: |- ObservedDiffs describes each field with configuration difference as found from the member cluster side. Fleet might truncate the details as appropriate to control object size. Each entry specifies how the live state (the state on the member cluster side) compares against the desired state (the state kept in the hub cluster manifest). items: description: |- PatchDetail describes a patch that explains an observed configuration drift or difference. A patch detail can be transcribed as a JSON patch operation, as specified in RFC 6902. properties: path: description: The JSON path that points to a field that has drifted or has configuration differences. type: string valueInHub: description: |- The value at the JSON path from the hub cluster side. This field can be empty if the JSON path does not exist on the hub cluster side; i.e., applying the manifest from the hub cluster side would remove the field. type: string valueInMember: description: |- The value at the JSON path from the member cluster side. This field can be empty if the JSON path does not exist on the member cluster side; i.e., applying the manifest from the hub cluster side would add a new field. type: string required: - path type: object type: array observedInMemberClusterGeneration: description: |- ObservedInMemberClusterGeneration is the generation of the applied manifest on the member cluster side. This might be nil if the resource has not been created yet in the member cluster. format: int64 type: integer required: - firstDiffedObservedTime - observationTime type: object driftDetails: description: |- DriftDetails explains about the observed configuration drifts. Fleet might truncate the details as appropriate to control object size. Note that configuration drifts can only occur on a resource if it is currently owned by Fleet and its corresponding placement is set to use the ClientSideApply or ServerSideApply apply strategy. In other words, DriftDetails and DiffDetails will not be populated at the same time. properties: firstDriftedObservedTime: description: FirsftDriftedObservedTime is the timestamp when the drift was first detected. format: date-time type: string observationTime: description: ObservationTime is the timestamp when the drift was last detected. format: date-time type: string observedDrifts: description: |- ObservedDrifts describes each drifted field found from the applied manifest. Fleet might truncate the details as appropriate to control object size. Each entry specifies how the live state (the state on the member cluster side) compares against the desired state (the state kept in the hub cluster manifest). items: description: |- PatchDetail describes a patch that explains an observed configuration drift or difference. A patch detail can be transcribed as a JSON patch operation, as specified in RFC 6902. properties: path: description: The JSON path that points to a field that has drifted or has configuration differences. type: string valueInHub: description: |- The value at the JSON path from the hub cluster side. This field can be empty if the JSON path does not exist on the hub cluster side; i.e., applying the manifest from the hub cluster side would remove the field. type: string valueInMember: description: |- The value at the JSON path from the member cluster side. This field can be empty if the JSON path does not exist on the member cluster side; i.e., applying the manifest from the hub cluster side would add a new field. type: string required: - path type: object type: array observedInMemberClusterGeneration: description: |- ObservedInMemberClusterGeneration is the generation of the applied manifest on the member cluster side. format: int64 type: integer required: - firstDriftedObservedTime - observationTime - observedInMemberClusterGeneration type: object identifier: description: resourceId represents a identity of a resource linking to manifests in spec. properties: group: description: Group is the group of the resource. type: string kind: description: Kind is the kind of the resource. type: string name: description: Name is the name of the resource. type: string namespace: description: |- Namespace is the namespace of the resource, the resource is cluster scoped if the value is empty. type: string ordinal: description: |- Ordinal represents an index in manifests list, so the condition can still be linked to a manifest even though manifest cannot be parsed successfully. type: integer resource: description: Resource is the resource type of the resource. type: string version: description: Version is the version of the resource. type: string required: - ordinal type: object required: - conditions - identifier type: object type: array required: - conditions type: object type: object served: true storage: true subresources: status: {}