diff --git a/api/v1alpha2/template.go b/api/v1alpha2/template.go
index 33a64ebe3..fa8843631 100644
--- a/api/v1alpha2/template.go
+++ b/api/v1alpha2/template.go
@@ -49,11 +49,9 @@ type Action struct {
 // +optional
 Volumes []Volume `json:"volumes,omitempty"`
 
- // NetworkNamespace defines the network namespace to run the container in. This enables access
- // to the host network namespace.
- // See https://man7.org/linux/man-pages/man7/namespaces.7.html.
+ // Namespace defines the Linux namespaces this container should execute in.
 // +optional
- NetworkNamespace *string `json:"networkNamespace,omitempty"`
+ Namespace *Namespace `json:"namespaces,omitempty"`
 }
 
 // Volume is a specification for mounting a volume in an action. Volumes take the form
@@ -71,6 +69,18 @@ type Action struct {
 // See https://docs.docker.com/storage/volumes/ for additional details.
 type Volume string
 
+// Namespace defines the Linux namespaces to use for the container.
+// See https://man7.org/linux/man-pages/man7/namespaces.7.html.
+type Namespace struct {
+ // Network defines the network namespace.
+ // +optional
+ Network *string `json:"network,omitempty"`
+
+ // PID defines the PID namespace
+ // +optional
+ PID *int `json:"pid,omitempty"`
+}
+
 // +kubebuilder:object:root=true
 // +kubebuilder:resource:categories=tinkerbell,shortName=tpl
 // +kubebuilder:unservedversion
diff --git a/api/v1alpha2/zz_generated.deepcopy.go b/api/v1alpha2/zz_generated.deepcopy.go
index ef69c0fc9..12fcb75cc 100644
--- a/api/v1alpha2/zz_generated.deepcopy.go
+++ b/api/v1alpha2/zz_generated.deepcopy.go
@@ -51,10 +51,10 @@ func (in *Action) DeepCopyInto(out *Action) {
 *out = make([]Volume, len(*in))
 copy(*out, *in)
 }
- if in.NetworkNamespace != nil {
- in, out := &in.NetworkNamespace, &out.NetworkNamespace
- *out = new(string)
- **out = **in
+ if in.Namespace != nil {
+ in, out := &in.Namespace, &out.Namespace
+ *out = new(Namespace)
+ (*in).DeepCopyInto(*out)
 }
 }
 
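Review bot: The new field is declared as `Namespace` but serialises under the plural key `namespaces` and holds a struct that covers more than one namespace, so the Go name and the wire name disagree; `Namespaces *Namespace `json:"namespaces,omitempty"`` would keep them aligned (the generated deepcopy would then need regenerating). The removed comment was also the only place that told a template author this setting can place the action in the host's network namespace, and the replacement line says nothing about what sharing a namespace implies for isolation. Suggest keeping that on the field, e.g. `// Namespace defines the Linux namespaces this container should execute in. Selecting a host namespace removes that isolation boundary from the action.` The Action struct begins before this hunk.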
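Review bot: In the new Namespace struct, `PID *int` and `Network *string` take different kinds of value and neither comment says what is accepted, so a template author cannot tell whether `pid` is a process ID whose namespace is joined, a mode selector, or something else, and the CRD generated from it (later in this diff) admits any integer. Suggest documenting each field's accepted values, e.g. `// PID defines the PID namespace to use. Accepted values: <confirm with the executor>.` and the equivalent for Network, and ending the PID comment with a period like its neighbours. If the accepted values form a fixed set, a `+kubebuilder:validation:Enum` marker on the field would let the API server reject anything else rather than leaving it to the agent at run time.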
@@ -343,6 +343,31 @@ func (in *Instance) DeepCopy() *Instance {
 return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Namespace) DeepCopyInto(out *Namespace) {
+ *out = *in
+ if in.Network != nil {
+ in, out := &in.Network, &out.Network
+ *out = new(string)
+ **out = **in
+ }
+ if in.PID != nil {
+ in, out := &in.PID, &out.PID
+ *out = new(int)
+ **out = **in
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Namespace.
+func (in *Namespace) DeepCopy() *Namespace {
+ if in == nil {
+ return nil
+ }
+ out := new(Namespace)
+ in.DeepCopyInto(out)
+ return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *NetworkInterface) DeepCopyInto(out *NetworkInterface) {
 *out = *in
diff --git a/buf.lock b/buf.lock
index c3e490630..1304ceb99 100644
--- a/buf.lock
+++ b/buf.lock
@@ -4,4 +4,4 @@ deps:
 - remote: buf.build
 owner: googleapis
 repository: googleapis
- commit: cc916c31859748a68fd229a3c8d7a2e8
+ commit: 28151c0d0a1641bf938a7672c500e01d
diff --git a/config/crd/bases/tinkerbell.org_hardware.yaml b/config/crd/bases/tinkerbell.org_hardware.yaml
index b37412525..760138e83 100644
--- a/config/crd/bases/tinkerbell.org_hardware.yaml
+++ b/config/crd/bases/tinkerbell.org_hardware.yaml
@@ -2,8 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: v0.11.3
- creationTimestamp: null
+ controller-gen.kubebuilder.io/version: v0.11.4
 name: hardware.tinkerbell.org
 spec:
 group: tinkerbell.org
@@ -421,7 +420,7 @@ spec:
 description: NetworkInterface is the desired configuration for a particular network interface.
 properties:
 dhcp:
- description: DHCP is the basic network information for serving DHCP requests. Requires when DisbaleDHCP is false.
+ description: DHCP is the basic network information for serving DHCP requests. Required when DisbaleDHCP is false.
 properties:
 gateway:
 description: Gateway is the default gateway address to serve.
diff --git a/config/crd/bases/tinkerbell.org_osies.yaml b/config/crd/bases/tinkerbell.org_osies.yaml
index dfd2ba236..40f22b85d 100644
--- a/config/crd/bases/tinkerbell.org_osies.yaml
+++ b/config/crd/bases/tinkerbell.org_osies.yaml
@@ -2,8 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: v0.11.3
- creationTimestamp: null
+ controller-gen.kubebuilder.io/version: v0.11.4
 name: osies.tinkerbell.org
 spec:
 group: tinkerbell.org
diff --git a/config/crd/bases/tinkerbell.org_templates.yaml b/config/crd/bases/tinkerbell.org_templates.yaml
index 24c0d5e62..4d21fa013 100644
--- a/config/crd/bases/tinkerbell.org_templates.yaml
+++ b/config/crd/bases/tinkerbell.org_templates.yaml
@@ -2,8 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: v0.11.3
- creationTimestamp: null
+ controller-gen.kubebuilder.io/version: v0.11.4
 name: templates.tinkerbell.org
 spec:
 group: tinkerbell.org
@@ -74,12 +73,13 @@ spec:
 description: Action defines an individual action to be run on a target machine.
 properties:
 args:
- description: Args are a set of arguments to be passed to the container on launch.
+ description: Args are a set of arguments to be passed to the command executed by the container on launch.
 items:
 type: string
 type: array
 cmd:
- description: Cmd defines the command to use when launching the image.
+ description: Cmd defines the command to use when launching the image. It overrides the default command of the action. It must be a unix path to an executable program.
+ pattern: ^(/[^/ ]*)+/?$
 type: string
 env:
 additionalProperties:
@@ -92,9 +92,16 @@ spec:
 name:
 description: Name is a name for the action.
 type: string
- networkNamespace:
- description: NetworkNamespace defines the network namespace to run the container in. This enables access to the host network namespace. See https://man7.org/linux/man-pages/man7/namespaces.7.html.
- type: string
+ namespaces:
+ description: Namespace defines the Linux namespaces this container should execute in.
+ properties:
+ network:
+ description: Network defines the network namespace.
+ type: string
+ pid:
+ description: PID defines the PID namespace
+ type: integer
+ type: object
 volumes:
 description: Volumes defines the volumes to mount into the container.
 items:
diff --git a/config/crd/bases/tinkerbell.org_workflows.yaml b/config/crd/bases/tinkerbell.org_workflows.yaml
index 1a7f5d7e3..abe5e82af 100644
--- a/config/crd/bases/tinkerbell.org_workflows.yaml
+++ b/config/crd/bases/tinkerbell.org_workflows.yaml
@@ -2,8 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: v0.11.3
- creationTimestamp: null
+ controller-gen.kubebuilder.io/version: v0.11.4
 name: workflows.tinkerbell.org
 spec:
 group: tinkerbell.org
@@ -209,12 +208,13 @@ spec:
 description: Rendered is the rendered action.
 properties:
 args:
- description: Args are a set of arguments to be passed to the container on launch.
+ description: Args are a set of arguments to be passed to the command executed by the container on launch.
 items:
 type: string
 type: array
 cmd:
- description: Cmd defines the command to use when launching the image.
+ description: Cmd defines the command to use when launching the image. It overrides the default command of the action. It must be a unix path to an executable program.
+ pattern: ^(/[^/ ]*)+/?$
 type: string
 env:
 additionalProperties:
@@ -227,9 +227,16 @@ spec:
 name:
 description: Name is a name for the action.
 type: string
- networkNamespace:
- description: NetworkNamespace defines the network namespace to run the container in. This enables access to the host network namespace. See https://man7.org/linux/man-pages/man7/namespaces.7.html.
- type: string
+ namespaces:
+ description: Namespace defines the Linux namespaces this container should execute in.
+ properties:
+ network:
+ description: Network defines the network namespace.
+ type: string
+ pid:
+ description: PID defines the PID namespace
+ type: integer
+ type: object
 volumes:
 description: Volumes defines the volumes to mount into the container.
 items:
diff --git a/config/server-rbac/role.yaml b/config/server-rbac/role.yaml
index 623786121..1a228bd4c 100644
--- a/config/server-rbac/role.yaml
+++ b/config/server-rbac/role.yaml
@@ -1,7 +1,6 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
- creationTimestamp: null
 name: server-role
 rules:
 - apiGroups: