diff --git a/api/v1alpha1/cozystackresourcedefinitions_types.go b/api/v1alpha1/cozystackresourcedefinitions_types.go index 989440ee..b2baee85 100644 --- a/api/v1alpha1/cozystackresourcedefinitions_types.go +++ b/api/v1alpha1/cozystackresourcedefinitions_types.go @@ -52,6 +52,10 @@ type CozystackResourceDefinitionSpec struct { // Secret selectors Secrets CozystackResourceDefinitionResources `json:"secrets,omitempty"` + // Service selectors + Services CozystackResourceDefinitionResources `json:"services,omitempty"` + // Ingress selectors + Ingresses CozystackResourceDefinitionResources `json:"ingresses,omitempty"` // Dashboard configuration for this resource Dashboard *CozystackResourceDefinitionDashboard `json:"dashboard,omitempty"` diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 5967707e..42cf4c4a 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -237,6 +237,8 @@ func (in *CozystackResourceDefinitionSpec) DeepCopyInto(out *CozystackResourceDe out.Application = in.Application in.Release.DeepCopyInto(&out.Release) in.Secrets.DeepCopyInto(&out.Secrets) + in.Services.DeepCopyInto(&out.Services) + in.Ingresses.DeepCopyInto(&out.Ingresses) if in.Dashboard != nil { in, out := &in.Dashboard, &out.Dashboard *out = new(CozystackResourceDefinitionDashboard) diff --git a/internal/lineagecontrollerwebhook/matcher.go b/internal/lineagecontrollerwebhook/matcher.go index 1a21f5ca..7c756a49 100644 --- a/internal/lineagecontrollerwebhook/matcher.go +++ b/internal/lineagecontrollerwebhook/matcher.go @@ -62,12 +62,12 @@ func matchResourceToSelectorArray(ctx context.Context, name string, templateCont return false } -func matchResourceToExcludeInclude(ctx context.Context, name string, templateContext, l map[string]string, ex, in []*cozyv1alpha1.CozystackResourceDefinitionResourceSelector) bool { - if matchResourceToSelectorArray(ctx, name, templateContext, l, ex) { +func matchResourceToExcludeInclude(ctx context.Context, name string, templateContext, l map[string]string, resources *cozyv1alpha1.CozystackResourceDefinitionResources) bool { + if resources == nil { return false } - if matchResourceToSelectorArray(ctx, name, templateContext, l, in) { - return true + if matchResourceToSelectorArray(ctx, name, templateContext, l, resources.Exclude) { + return false } - return false + return matchResourceToSelectorArray(ctx, name, templateContext, l, resources.Include) } diff --git a/internal/lineagecontrollerwebhook/webhook.go b/internal/lineagecontrollerwebhook/webhook.go index fb7647fd..b368ea1a 100644 --- a/internal/lineagecontrollerwebhook/webhook.go +++ b/internal/lineagecontrollerwebhook/webhook.go @@ -19,6 +19,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" + cozyv1alpha1 "github.com/cozystack/cozystack/api/v1alpha1" corev1alpha1 "github.com/cozystack/cozystack/pkg/apis/core/v1alpha1" ) @@ -27,6 +28,20 @@ var ( AncestryAmbiguous = fmt.Errorf("object ancestry is ambiguous") ) +// getResourceSelectors returns the appropriate CozystackResourceDefinitionResources for a given GroupKind +func (h *LineageControllerWebhook) getResourceSelectors(gk schema.GroupKind, crd *cozyv1alpha1.CozystackResourceDefinition) *cozyv1alpha1.CozystackResourceDefinitionResources { + switch { + case gk.Group == "" && gk.Kind == "Secret": + return &crd.Spec.Secrets + case gk.Group == "" && gk.Kind == "Service": + return &crd.Spec.Services + case gk.Group == "networking.k8s.io" && gk.Kind == "Ingress": + return &crd.Spec.Ingresses + default: + return nil + } +} + // SetupWithManager registers the handler with the webhook server. func (h *LineageControllerWebhook) SetupWithManagerAsWebhook(mgr ctrl.Manager) error { cfg := rest.CopyConfig(mgr.GetConfig()) @@ -138,19 +153,16 @@ func (h *LineageControllerWebhook) computeLabels(ctx context.Context, o *unstruc "name": obj.GetName(), "namespace": o.GetNamespace(), } - if o.GetAPIVersion() != "v1" || o.GetKind() != "Secret" { - return labels, err - } cfg := h.config.Load().(*runtimeConfig) crd := cfg.appCRDMap[appRef{gv.Group, obj.GetKind()}] + resourceSelectors := h.getResourceSelectors(o.GroupVersionKind().GroupKind(), crd) - // TODO: expand this to work with other resources than Secrets labels[corev1alpha1.TenantResourceLabelKey] = func(b bool) string { if b { return corev1alpha1.TenantResourceLabelValue } return "false" - }(matchResourceToExcludeInclude(ctx, o.GetName(), templateLabels, o.GetLabels(), crd.Spec.Secrets.Exclude, crd.Spec.Secrets.Include)) + }(matchResourceToExcludeInclude(ctx, o.GetName(), templateLabels, o.GetLabels(), resourceSelectors)) return labels, err } diff --git a/packages/apps/virtual-machine/templates/service.yaml b/packages/apps/virtual-machine/templates/service.yaml index 77698a2d..d9d77825 100644 --- a/packages/apps/virtual-machine/templates/service.yaml +++ b/packages/apps/virtual-machine/templates/service.yaml @@ -5,6 +5,7 @@ kind: Service metadata: name: {{ include "virtual-machine.fullname" . }} labels: + apps.cozystack.io/user-service: "true" {{- include "virtual-machine.labels" . | nindent 4 }} annotations: networking.cozystack.io/wholeIP: "true" diff --git a/packages/apps/vm-instance/templates/service.yaml b/packages/apps/vm-instance/templates/service.yaml index 009062fd..d1ef4df9 100644 --- a/packages/apps/vm-instance/templates/service.yaml +++ b/packages/apps/vm-instance/templates/service.yaml @@ -5,6 +5,7 @@ kind: Service metadata: name: {{ include "virtual-machine.fullname" . }} labels: + apps.cozystack.io/user-service: "true" {{- include "virtual-machine.labels" . | nindent 4 }} annotations: networking.cozystack.io/wholeIP: "true" diff --git a/packages/system/cozystack-api/cozyrds/bootbox.yaml b/packages/system/cozystack-api/cozyrds/bootbox.yaml index 3235e3cc..87e35626 100644 --- a/packages/system/cozystack-api/cozyrds/bootbox.yaml +++ b/packages/system/cozystack-api/cozyrds/bootbox.yaml @@ -31,3 +31,13 @@ spec: secrets: exclude: [] include: [] + services: + exclude: [] + include: + - resourceNames: + - bootbox + ingresses: + exclude: [] + include: + - resourceNames: + - bootbox diff --git a/packages/system/cozystack-api/cozyrds/bucket.yaml b/packages/system/cozystack-api/cozyrds/bucket.yaml index d8f5b20b..889a36b5 100644 --- a/packages/system/cozystack-api/cozyrds/bucket.yaml +++ b/packages/system/cozystack-api/cozyrds/bucket.yaml @@ -35,3 +35,8 @@ spec: - resourceNames: - bucket-{{ .name }} - bucket-{{ .name }}-credentials + ingresses: + exclude: [] + include: + - resourceNames: + - bucket-{{ .name }}-ui diff --git a/packages/system/cozystack-api/cozyrds/clickhouse.yaml b/packages/system/cozystack-api/cozyrds/clickhouse.yaml index b41d44e8..49cf575f 100644 --- a/packages/system/cozystack-api/cozyrds/clickhouse.yaml +++ b/packages/system/cozystack-api/cozyrds/clickhouse.yaml @@ -32,3 +32,8 @@ spec: include: - resourceNames: - clickhouse-{{ .name }}-credentials + services: + exclude: [] + include: + - resourceNames: + - chendpoint-clickhouse-{{ .name }} diff --git a/packages/system/cozystack-api/cozyrds/etcd.yaml b/packages/system/cozystack-api/cozyrds/etcd.yaml index e27aba33..5f7d3fef 100644 --- a/packages/system/cozystack-api/cozyrds/etcd.yaml +++ b/packages/system/cozystack-api/cozyrds/etcd.yaml @@ -32,3 +32,8 @@ spec: secrets: exclude: [] include: [] + services: + exclude: [] + include: + - resourceNames: + - etcd diff --git a/packages/system/cozystack-api/cozyrds/ferretdb.yaml b/packages/system/cozystack-api/cozyrds/ferretdb.yaml index 9afce618..853d5d22 100644 --- a/packages/system/cozystack-api/cozyrds/ferretdb.yaml +++ b/packages/system/cozystack-api/cozyrds/ferretdb.yaml @@ -33,3 +33,8 @@ spec: include: - resourceNames: - ferretdb-{{ .name }}-credentials + services: + exclude: [] + include: + - resourceNames: + - ferretdb-{{ .name }} diff --git a/packages/system/cozystack-api/cozyrds/ingress.yaml b/packages/system/cozystack-api/cozyrds/ingress.yaml index 84263b43..80d52549 100644 --- a/packages/system/cozystack-api/cozyrds/ingress.yaml +++ b/packages/system/cozystack-api/cozyrds/ingress.yaml @@ -32,3 +32,8 @@ spec: secrets: exclude: [] include: [] + services: + exclude: [] + include: + - resourceNames: + - "{{ slice .namespace 7 }}-ingress-controller" diff --git a/packages/system/cozystack-api/cozyrds/kafka.yaml b/packages/system/cozystack-api/cozyrds/kafka.yaml index 7c4820cb..05594e07 100644 --- a/packages/system/cozystack-api/cozyrds/kafka.yaml +++ b/packages/system/cozystack-api/cozyrds/kafka.yaml @@ -33,3 +33,8 @@ spec: include: - resourceNames: - kafka-{{ .name }}-clients-ca + services: + exclude: [] + include: + - resourceNames: + - kafka-{{ .name }}-kafka-bootstrap diff --git a/packages/system/cozystack-api/cozyrds/kubernetes.yaml b/packages/system/cozystack-api/cozyrds/kubernetes.yaml index f7f32be7..db9ec9dc 100644 --- a/packages/system/cozystack-api/cozyrds/kubernetes.yaml +++ b/packages/system/cozystack-api/cozyrds/kubernetes.yaml @@ -34,3 +34,13 @@ spec: include: - resourceNames: - kubernetes-{{ .name }}-admin-kubeconfig + services: + exclude: [] + include: + - resourceNames: + - kubernetes-{{ .name }} + ingresses: + exclude: [] + include: + - resourceNames: + - kubernetes-{{ .name }} diff --git a/packages/system/cozystack-api/cozyrds/monitoring.yaml b/packages/system/cozystack-api/cozyrds/monitoring.yaml index 1bdb271b..af99f73c 100644 --- a/packages/system/cozystack-api/cozyrds/monitoring.yaml +++ b/packages/system/cozystack-api/cozyrds/monitoring.yaml @@ -34,3 +34,15 @@ spec: include: - resourceNames: - grafana-admin-password + services: + exclude: [] + include: + - resourceNames: + - grafana-service + - alerta + ingresses: + exclude: [] + include: + - resourceNames: + - grafana-ingress + - alerta diff --git a/packages/system/cozystack-api/cozyrds/mysql.yaml b/packages/system/cozystack-api/cozyrds/mysql.yaml index ed1d20a7..6f78b077 100644 --- a/packages/system/cozystack-api/cozyrds/mysql.yaml +++ b/packages/system/cozystack-api/cozyrds/mysql.yaml @@ -33,3 +33,9 @@ spec: include: - resourceNames: - mysql-{{ .name }}-credentials + services: + exclude: [] + include: + - resourceNames: + - mysql-{{ .name }}-primary + - mysql-{{ .name }}-secondary diff --git a/packages/system/cozystack-api/cozyrds/nats.yaml b/packages/system/cozystack-api/cozyrds/nats.yaml index b406b439..692075a9 100644 --- a/packages/system/cozystack-api/cozyrds/nats.yaml +++ b/packages/system/cozystack-api/cozyrds/nats.yaml @@ -33,3 +33,8 @@ spec: include: - resourceNames: - nats-{{ .name }}-credentials + services: + exclude: [] + include: + - resourceNames: + - nats-{{ .name }} diff --git a/packages/system/cozystack-api/cozyrds/postgres.yaml b/packages/system/cozystack-api/cozyrds/postgres.yaml index 12e3c9a8..17363553 100644 --- a/packages/system/cozystack-api/cozyrds/postgres.yaml +++ b/packages/system/cozystack-api/cozyrds/postgres.yaml @@ -41,3 +41,11 @@ spec: include: - resourceNames: - postgres-{{ .name }}-credentials + services: + exclude: [] + include: + - resourceNames: + - postgres-{{ .name }}-r + - postgres-{{ .name }}-ro + - postgres-{{ .name }}-rw + - postgres-{{ .name }}-external-write diff --git a/packages/system/cozystack-api/cozyrds/rabbitmq.yaml b/packages/system/cozystack-api/cozyrds/rabbitmq.yaml index 28844a4b..5e646959 100644 --- a/packages/system/cozystack-api/cozyrds/rabbitmq.yaml +++ b/packages/system/cozystack-api/cozyrds/rabbitmq.yaml @@ -35,3 +35,8 @@ spec: - rabbitmq-{{ .name }}-default-user - matchLabels: apps.cozystack.io/user-secret: "true" + services: + exclude: [] + include: + - resourceNames: + - rabbitmq-{{ .name }} diff --git a/packages/system/cozystack-api/cozyrds/redis.yaml b/packages/system/cozystack-api/cozyrds/redis.yaml index 0c502370..29c33a26 100644 --- a/packages/system/cozystack-api/cozyrds/redis.yaml +++ b/packages/system/cozystack-api/cozyrds/redis.yaml @@ -33,3 +33,11 @@ spec: include: - resourceNames: - redis-{{ .name }}-auth + services: + exclude: [] + include: + - resourceNames: + - rfs-redis-{{ .name }} + - rfrm-redis-{{ .name }} + - rfrs-redis-{{ .name }} + - redis-{{ .name }}-external-lb diff --git a/packages/system/cozystack-api/cozyrds/seaweedfs.yaml b/packages/system/cozystack-api/cozyrds/seaweedfs.yaml index 3d3119e1..2d027491 100644 --- a/packages/system/cozystack-api/cozyrds/seaweedfs.yaml +++ b/packages/system/cozystack-api/cozyrds/seaweedfs.yaml @@ -32,3 +32,13 @@ spec: secrets: exclude: [] include: [] + services: + exclude: [] + include: + - resourceNames: + - seaweedfs-{{ .name }}-s3 + ingresses: + exclude: [] + include: + - resourceNames: + - ingress-seaweedfs-{{ .name }}-s3 diff --git a/packages/system/cozystack-api/cozyrds/vm-instance.yaml b/packages/system/cozystack-api/cozyrds/vm-instance.yaml index b120c720..7d5ec69a 100644 --- a/packages/system/cozystack-api/cozyrds/vm-instance.yaml +++ b/packages/system/cozystack-api/cozyrds/vm-instance.yaml @@ -32,3 +32,8 @@ spec: secrets: exclude: [] include: [] + services: + exclude: [] + include: + - matchLabels: + apps.cozystack.io/user-service: "true" diff --git a/packages/system/cozystack-api/cozyrds/vpn.yaml b/packages/system/cozystack-api/cozyrds/vpn.yaml index ca9e187d..2d067fd1 100644 --- a/packages/system/cozystack-api/cozyrds/vpn.yaml +++ b/packages/system/cozystack-api/cozyrds/vpn.yaml @@ -33,3 +33,8 @@ spec: include: - resourceNames: - vpn-{{ .name }}-urls + services: + exclude: [] + include: + - resourceNames: + - vpn-{{ .name }}-vpn diff --git a/packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml b/packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml index 4c221281..685d4ac5 100644 --- a/packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml +++ b/packages/system/cozystack-controller/crds/cozystack.io_cozystackresourcedefinitions.yaml @@ -126,6 +126,173 @@ spec: - plural - singular type: object + ingresses: + description: Ingress selectors + properties: + exclude: + description: |- + Exclude contains an array of resource selectors that target resources. + If a resource matches the selector in any of the elements in the array, it is + hidden from the user, regardless of the matches in the include array. + items: + description: |- + CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. + A resource matches this selector only if it satisfies ALL criteria: + - Label selector conditions (matchExpressions and matchLabels) + - AND has a name that matches one of the names in resourceNames (if specified) + + The resourceNames field supports Go templates with the following variables available: + - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) + - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed + + Example YAML: + secrets: + include: + - matchExpressions: + - key: badlabel + operator: DoesNotExist + matchLabels: + goodlabel: goodvalue + resourceNames: + - "{{ .name }}-secret" + - "{{ .kind }}-{{ .name }}-tls" + - "specificname" + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + resourceNames: + description: |- + ResourceNames is a list of resource names to match + If specified, the resource must have one of these exact names to match the selector + items: + type: string + type: array + type: object + x-kubernetes-map-type: atomic + type: array + include: + description: |- + Include contains an array of resource selectors that target resources. + If a resource matches the selector in any of the elements in the array, and + matches none of the selectors in the exclude array that resource is marked + as a tenant resource and is visible to users. + items: + description: |- + CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. + A resource matches this selector only if it satisfies ALL criteria: + - Label selector conditions (matchExpressions and matchLabels) + - AND has a name that matches one of the names in resourceNames (if specified) + + The resourceNames field supports Go templates with the following variables available: + - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) + - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed + + Example YAML: + secrets: + include: + - matchExpressions: + - key: badlabel + operator: DoesNotExist + matchLabels: + goodlabel: goodvalue + resourceNames: + - "{{ .name }}-secret" + - "{{ .kind }}-{{ .name }}-tls" + - "specificname" + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + resourceNames: + description: |- + ResourceNames is a list of resource names to match + If specified, the resource must have one of these exact names to match the selector + items: + type: string + type: array + type: object + x-kubernetes-map-type: atomic + type: array + type: object release: description: Release configuration properties: @@ -337,6 +504,173 @@ spec: x-kubernetes-map-type: atomic type: array type: object + services: + description: Service selectors + properties: + exclude: + description: |- + Exclude contains an array of resource selectors that target resources. + If a resource matches the selector in any of the elements in the array, it is + hidden from the user, regardless of the matches in the include array. + items: + description: |- + CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. + A resource matches this selector only if it satisfies ALL criteria: + - Label selector conditions (matchExpressions and matchLabels) + - AND has a name that matches one of the names in resourceNames (if specified) + + The resourceNames field supports Go templates with the following variables available: + - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) + - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed + + Example YAML: + secrets: + include: + - matchExpressions: + - key: badlabel + operator: DoesNotExist + matchLabels: + goodlabel: goodvalue + resourceNames: + - "{{ .name }}-secret" + - "{{ .kind }}-{{ .name }}-tls" + - "specificname" + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + resourceNames: + description: |- + ResourceNames is a list of resource names to match + If specified, the resource must have one of these exact names to match the selector + items: + type: string + type: array + type: object + x-kubernetes-map-type: atomic + type: array + include: + description: |- + Include contains an array of resource selectors that target resources. + If a resource matches the selector in any of the elements in the array, and + matches none of the selectors in the exclude array that resource is marked + as a tenant resource and is visible to users. + items: + description: |- + CozystackResourceDefinitionResourceSelector extends metav1.LabelSelector with resourceNames support. + A resource matches this selector only if it satisfies ALL criteria: + - Label selector conditions (matchExpressions and matchLabels) + - AND has a name that matches one of the names in resourceNames (if specified) + + The resourceNames field supports Go templates with the following variables available: + - {{ .name }}: The name of the managing application (from apps.cozystack.io/application.name) + - {{ .kind }}: The lowercased kind of the managing application (from apps.cozystack.io/application.kind) + - {{ .namespace }}: The namespace of the resource being processed + + Example YAML: + secrets: + include: + - matchExpressions: + - key: badlabel + operator: DoesNotExist + matchLabels: + goodlabel: goodvalue + resourceNames: + - "{{ .name }}-secret" + - "{{ .kind }}-{{ .name }}-tls" + - "specificname" + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + resourceNames: + description: |- + ResourceNames is a list of resource names to match + If specified, the resource must have one of these exact names to match the selector + items: + type: string + type: array + type: object + x-kubernetes-map-type: atomic + type: array + type: object required: - application - release