feature: Virtual resources aggregation #3487
Description
Feature Description
Continuation of Part II of Provider resource reflection - Virtual Resources design document.
The aggregation layer allows referring to the EndpointSlice object in the APIExport VirtualResource stanza to provide data source for aggregation (where to forward certain requests in the handler chain) for workspace view.
Proposed Solution
APIExport example:
apiVersion: apis.kcp.io/v1alpha2
kind: APIExport
metadata:
name: cowboys
spec:
identity:
secretRef:
name: cowboys
namespace: kcp-system
resources:
- schema: today.cowboys.wildwest.dev
storage: crd
- schema: instances.compute.corp.io
storage: virtual
endpointSliceSelector:
kind: PublishedResourceEndpointSlice
apiVersion: apis.kcp.io/v1alpha1
path: root:foo:instances
identitySecretRef:
name: secret-name-for-identity
namespace: default
resourceSelector:
name:
namespace:
labelSelector:
matchLabels: kcp.io/published-resource-name: premium-instance-types
permissionClaims:
- all: true
group: rbac.authorization.k8s.io
resource: clusterrolebindings
- all: true
group: apiextensions.k8s.io
resource: custom resource definitions
identityHash: supersecure
status:
conditions:
- lastTransitionTime: "2025-02-09T10:38:27Z"
status: "True"
type: IdentityValid
identityHash: 20d38642fc137069154e84e7f450a622ac300542e5c3f3a4c403aad8db9ec6adAPIBinding example:
apiVersion: apis.kcp.io/v1alpha1
kind: APIBinding
metadata:
name: kube-bind.io
spec:
permissionClaims:
- all: true
group: rbac.authorization.k8s.io
resource: clusterrolebindings
state: Accepted
- all: true
group: apiextensions.k8s.io
resource: customresourcedefinitions
state: Accepted
identityHash: supersecurehash
- all: true
group: instances.corp.com
resource: instances
state: Accepted
identityHash: supersecurehash
reference:
export:
name: kube-bind.io
path: root:kube-bindAlternative Solutions
No response
Want to contribute?
- I would like to work on this issue.
Additional Context
No response
Metadata
Metadata
Assignees
Type
Projects
Status