Skip to content

APIServiceBinding

APIServiceBinding CRD schema reference (group kube-bind.io)

APIServiceBinding binds an API service represented by a APIServiceExport in a service provider cluster into a consumer cluster. This object lives in the consumer cluster.
Full name:
apiservicebindings.kube-bind.io
Group:
kube-bind.io
Singular name:
apiservicebinding
Plural name:
apiservicebindings
Scope:
Cluster
Versions:
v1alpha1v1alpha2

Version v1alpha1

Properties

.apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

.kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

.metadata

object

.spec

object

spec specifies how an API service from a service provider should be bound in the local consumer cluster.

.spec.kubeconfigSecretRef

object Required

kubeconfigSecretName is the secret ref that contains the kubeconfig of the service cluster.

.spec.kubeconfigSecretRef.key

string Required

The key of the secret to select from. Must be “kubeconfig”.

.spec.kubeconfigSecretRef.name

string Required

Name of the referent.

.spec.kubeconfigSecretRef.namespace

string Required

Namespace of the referent.

.status

object

status contains reconciliation information for a service binding.

.status.conditions

array

conditions is a list of conditions that apply to the APIServiceBinding.

.status.conditions[*]

object

Condition defines an observation of a object operational state.

.status.conditions[*].lastTransitionTime

string Required

Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

.status.conditions[*].message

string

A human readable message indicating details about the transition. This field may be empty.

.status.conditions[*].reason

string

The reason for the condition’s last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.

.status.conditions[*].severity

string

Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.

.status.conditions[*].status

string Required

Status of the condition, one of True, False, Unknown.

.status.conditions[*].type

string Required

Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.

.status.providerPrettyName

string

providerPrettyName is the pretty name of the service provider cluster. This can be shared among different APIServiceBindings.

Version v1alpha2

Properties

.apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

.kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

.metadata

object

.spec

object

spec specifies how an API service from a service provider should be bound in the local consumer cluster.

.spec.kubeconfigSecretRef

object Required

kubeconfigSecretName is the secret ref that contains the kubeconfig of the service cluster.

.spec.kubeconfigSecretRef.key

string Required

The key of the secret to select from. Must be “kubeconfig”.

.spec.kubeconfigSecretRef.name

string Required

Name of the referent.

.spec.kubeconfigSecretRef.namespace

string Required

Namespace of the referent.

.status

object

status contains reconciliation information for a service binding.

.status.boundSchemas

array

BoundSchemas contains references to all BoundAPIResourceSchema objects associated with this APIServiceBinding, tracking consumer usage status.

.status.boundSchemas[*]

object

BoundSchemaReference contains a reference to a BoundAPIResourceSchema with status information.

.status.boundSchemas[*].group

string

group is the name of an API group. For core groups this is the empty string ‘“”’.

.status.boundSchemas[*].resource

string Required

resource is the name of the resource. Note: it is worth noting that you can not ask for permissions for resource provided by a CRD not provided by an service binding export.

.status.conditions

array

conditions is a list of conditions that apply to the APIServiceBinding.

.status.conditions[*]

object

Condition defines an observation of a object operational state.

.status.conditions[*].lastTransitionTime

string Required

Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.

.status.conditions[*].message

string

A human readable message indicating details about the transition. This field may be empty.

.status.conditions[*].reason

string

The reason for the condition’s last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.

.status.conditions[*].severity

string

Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.

.status.conditions[*].status

string Required

Status of the condition, one of True, False, Unknown.

.status.conditions[*].type

string Required

Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.

.status.permissionClaims

array

PermissionClaims records decisions about permission claims requested by the service provider. Access is granted per GroupResource.

.status.permissionClaims[*]

object

PermissionClaim selects objects of a GVR that a service provider may request and that a consumer may accept and allow the service provider access to.

.status.permissionClaims[*].group

string

group is the name of an API group. For core groups this is the empty string ‘“”’.

.status.permissionClaims[*].resource

string Required

resource is the name of the resource. Note: it is worth noting that you can not ask for permissions for resource provided by a CRD not provided by an service binding export.

.status.permissionClaims[*].selector

object Required

Selector is a resource selector that selects objects of a GVR.

.status.permissionClaims[*].selector.labelSelector

object

LabelSelector is a label selector that selects objects of a GVR.

.status.permissionClaims[*].selector.labelSelector.matchExpressions

array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

.status.permissionClaims[*].selector.labelSelector.matchExpressions[*]

object

A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.

.status.permissionClaims[*].selector.labelSelector.matchExpressions[*].key

string Required

key is the label key that the selector applies to.

.status.permissionClaims[*].selector.labelSelector.matchExpressions[*].operator

string Required

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

.status.permissionClaims[*].selector.labelSelector.matchExpressions[*].values

array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

.status.permissionClaims[*].selector.labelSelector.matchExpressions[*].values[*]

string

.status.permissionClaims[*].selector.labelSelector.matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is “key”, the operator is “In”, and the values array contains only “value”. The requirements are ANDed.

.status.permissionClaims[*].selector.namedResources

array

NamedResource is a shorthand for selecting a single resource by name and namespace.

.status.permissionClaims[*].selector.namedResources[*]

object

NamedResource selects a specific resource by name and namespace.

.status.permissionClaims[*].selector.namedResources[*].name

string Required

Name is the name of the resource. Name matches the metadata.name field of the underlying object.

.status.permissionClaims[*].selector.namedResources[*].namespace

string

Namespace represents namespace where an object of the given group/resource may be managed. Namespaces matches against the metadata.namespace field. If not provided, the object is assumed to be cluster-scoped. Namespaces field is ignored for namespaced isolation mode.

.status.providerPrettyName

string

providerPrettyName is the pretty name of the service provider cluster. This can be shared among different APIServiceBindings.