ClusterOverridePolicy v1alpha1

apiVersion: policy.karmada.io/v1alpha1

import "github.com/karmada-io/karmada/pkg/apis/policy/v1alpha1"

ClusterOverridePolicy

ClusterOverridePolicy represents the cluster-wide policy that overrides a group of resources to one or more clusters.


  • apiVersion: policy.karmada.io/v1alpha1

  • kind: ClusterOverridePolicy

  • metadata (ObjectMeta)

  • spec (OverrideSpec), required

    Spec represents the desired behavior of ClusterOverridePolicy.

    OverrideSpec defines the desired behavior of OverridePolicy.

    • spec.overrideRules ([]RuleWithCluster)

      OverrideRules defines a collection of override rules on target clusters.

      RuleWithCluster defines the override rules on clusters.

      • spec.overrideRules.overriders (Overriders), required

        Overriders represents the override rules that would apply on resources

        *Overriders offers various alternatives to represent the override rules.

        If more than one alternative exists, they will be applied with following order: - ImageOverrider - CommandOverrider - ArgsOverrider - LabelsOverrider - AnnotationsOverrider - FieldOverrider - Plaintext*

        • spec.overrideRules.overriders.annotationsOverrider ([]LabelAnnotationOverrider)

          AnnotationsOverrider represents the rules dedicated to handling workload annotations

          LabelAnnotationOverrider represents the rules dedicated to handling workload labels/annotations

          • spec.overrideRules.overriders.annotationsOverrider.operator (string), required

            Operator represents the operator which will apply on the workload.

          • spec.overrideRules.overriders.annotationsOverrider.value (map[string]string), required

            Value to be applied to annotations/labels of workload. Items in Value which will be appended after annotations/labels when Operator is ‘add’. Items in Value which match in annotations/labels will be deleted when Operator is ‘remove’. Items in Value which match in annotations/labels will be replaced when Operator is ‘replace’.

        • spec.overrideRules.overriders.argsOverrider ([]CommandArgsOverrider)

          ArgsOverrider represents the rules dedicated to handling container args

          CommandArgsOverrider represents the rules dedicated to handling command/args overrides.

          • spec.overrideRules.overriders.argsOverrider.containerName (string), required

            The name of container

          • spec.overrideRules.overriders.argsOverrider.operator (string), required

            Operator represents the operator which will apply on the command/args.

          • spec.overrideRules.overriders.argsOverrider.value ([]string)

            Value to be applied to command/args. Items in Value which will be appended after command/args when Operator is ‘add’. Items in Value which match in command/args will be deleted when Operator is ‘remove’. If Value is empty, then the command/args will remain the same.

        • spec.overrideRules.overriders.commandOverrider ([]CommandArgsOverrider)

          CommandOverrider represents the rules dedicated to handling container command

          CommandArgsOverrider represents the rules dedicated to handling command/args overrides.

          • spec.overrideRules.overriders.commandOverrider.containerName (string), required

            The name of container

          • spec.overrideRules.overriders.commandOverrider.operator (string), required

            Operator represents the operator which will apply on the command/args.

          • spec.overrideRules.overriders.commandOverrider.value ([]string)

            Value to be applied to command/args. Items in Value which will be appended after command/args when Operator is ‘add’. Items in Value which match in command/args will be deleted when Operator is ‘remove’. If Value is empty, then the command/args will remain the same.

        • spec.overrideRules.overriders.fieldOverrider ([]FieldOverrider)

          FieldOverrider represents the rules dedicated to modifying a specific field in any Kubernetes resource. This allows changing a single field within the resource with multiple operations. It is designed to handle structured field values such as those found in ConfigMaps or Secrets. The current implementation supports JSON and YAML formats, but can easily be extended to support XML in the future.

          FieldOverrider represents the rules dedicated to modifying a specific field in any Kubernetes resource. This allows changing a single field within the resource with multiple operations. It is designed to handle structured field values such as those found in ConfigMaps or Secrets. The current implementation supports JSON and YAML formats, but can easily be extended to support XML in the future. Note: In any given instance, FieldOverrider processes either JSON or YAML fields, but not both simultaneously.

          • spec.overrideRules.overriders.fieldOverrider.fieldPath (string), required

            FieldPath specifies the initial location in the instance document where the operation should take place. The path uses RFC 6901 for navigating into nested structures. For example, the path “/data/db-config.yaml” specifies the configuration data key named “db-config.yaml” in a ConfigMap: “/data/db-config.yaml”.

          • spec.overrideRules.overriders.fieldOverrider.json ([]JSONPatchOperation)

            JSON represents the operations performed on the JSON document specified by the FieldPath.

            JSONPatchOperation represents a single field modification operation for JSON format.

            • spec.overrideRules.overriders.fieldOverrider.json.operator (string), required

              Operator indicates the operation on target field. Available operators are: “add”, “remove”, and “replace”.

            • spec.overrideRules.overriders.fieldOverrider.json.subPath (string), required

              SubPath specifies the relative location within the initial FieldPath where the operation should take place. The path uses RFC 6901 for navigating into nested structures.

            • spec.overrideRules.overriders.fieldOverrider.json.value (JSON)

              Value is the new value to set for the specified field if the operation is “add” or “replace”. For “remove” operation, this field is ignored.

              JSON represents any valid JSON value. These types are supported: bool, int64, float64, string, []interface[], map[string]interface[] and nil.

          • spec.overrideRules.overriders.fieldOverrider.yaml ([]YAMLPatchOperation)

            YAML represents the operations performed on the YAML document specified by the FieldPath.

            YAMLPatchOperation represents a single field modification operation for YAML format.

            • spec.overrideRules.overriders.fieldOverrider.yaml.operator (string), required

              Operator indicates the operation on target field. Available operators are: “add”, “remove”, and “replace”.

            • spec.overrideRules.overriders.fieldOverrider.yaml.subPath (string), required

              SubPath specifies the relative location within the initial FieldPath where the operation should take place. The path uses RFC 6901 for navigating into nested structures.

            • spec.overrideRules.overriders.fieldOverrider.yaml.value (JSON)

              Value is the new value to set for the specified field if the operation is “add” or “replace”. For “remove” operation, this field is ignored.

              JSON represents any valid JSON value. These types are supported: bool, int64, float64, string, []interface[], map[string]interface[] and nil.

        • spec.overrideRules.overriders.imageOverrider ([]ImageOverrider)

          ImageOverrider represents the rules dedicated to handling image overrides.

          ImageOverrider represents the rules dedicated to handling image overrides.

          • spec.overrideRules.overriders.imageOverrider.component (string), required

            Component is part of image name. Basically we presume an image can be made of ‘[registry/]repository[:tag]‘. The registry could be: - registry.k8s.io - fictional.registry.example:10443 The repository could be: - kube-apiserver - fictional/nginx The tag cloud be: - latest - v1.19.1 - @sha256:dbcc1c35ac38df41fd2f5e4130b32ffdb93ebae8b3dbe638c23575912276fc9c

          • spec.overrideRules.overriders.imageOverrider.operator (string), required

            Operator represents the operator which will apply on the image.

          • spec.overrideRules.overriders.imageOverrider.predicate (ImagePredicate)

            Predicate filters images before applying the rule.

            Defaults to nil, in that case, the system will automatically detect image fields if the resource type is Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule:

            • Pod: /spec/containers/<N>/image
            • ReplicaSet: /spec/template/spec/containers/<N>/image
            • Deployment: /spec/template/spec/containers/<N>/image
            • DaemonSet: /spec/template/spec/containers/<N>/image
            • StatefulSet: /spec/template/spec/containers/<N>/image
            • Job: /spec/template/spec/containers/<N>/image In addition, all images will be processed if the resource object has more than one container.

            If not nil, only images matches the filters will be processed.

            ImagePredicate describes images filter.

            • spec.overrideRules.overriders.imageOverrider.predicate.path (string), required

              Path indicates the path of target field

          • spec.overrideRules.overriders.imageOverrider.value (string)

            Value to be applied to image. Must not be empty when operator is ‘add’ or ‘replace’. Defaults to empty and ignored when operator is ‘remove’.

        • spec.overrideRules.overriders.labelsOverrider ([]LabelAnnotationOverrider)

          LabelsOverrider represents the rules dedicated to handling workload labels

          LabelAnnotationOverrider represents the rules dedicated to handling workload labels/annotations

          • spec.overrideRules.overriders.labelsOverrider.operator (string), required

            Operator represents the operator which will apply on the workload.

          • spec.overrideRules.overriders.labelsOverrider.value (map[string]string), required

            Value to be applied to annotations/labels of workload. Items in Value which will be appended after annotations/labels when Operator is ‘add’. Items in Value which match in annotations/labels will be deleted when Operator is ‘remove’. Items in Value which match in annotations/labels will be replaced when Operator is ‘replace’.

        • spec.overrideRules.overriders.plaintext ([]PlaintextOverrider)

          Plaintext represents override rules defined with plaintext overriders.

          PlaintextOverrider is a simple overrider that overrides target fields according to path, operator and value.

          • spec.overrideRules.overriders.plaintext.operator (string), required

            Operator indicates the operation on target field. Available operators are: add, replace and remove.

          • spec.overrideRules.overriders.plaintext.path (string), required

            Path indicates the path of target field

          • spec.overrideRules.overriders.plaintext.value (JSON)

            Value to be applied to target field. Must be empty when operator is Remove.

            JSON represents any valid JSON value. These types are supported: bool, int64, float64, string, []interface[], map[string]interface[] and nil.

      • spec.overrideRules.targetCluster (ClusterAffinity)

        TargetCluster defines restrictions on this override policy that only applies to resources propagated to the matching clusters. nil means matching all clusters.

        ClusterAffinity represents the filter to select clusters.

        • spec.overrideRules.targetCluster.clusterNames ([]string)

          ClusterNames is the list of clusters to be selected.

        • spec.overrideRules.targetCluster.exclude ([]string)

          ExcludedClusters is the list of clusters to be ignored.

        • spec.overrideRules.targetCluster.fieldSelector (FieldSelector)

          FieldSelector is a filter to select member clusters by fields. The key(field) of the match expression should be ‘provider’, ‘region’, or ‘zone’, and the operator of the match expression should be ‘In’ or ‘NotIn’. If non-nil and non-empty, only the clusters match this filter will be selected.

          FieldSelector is a field filter.

          • spec.overrideRules.targetCluster.fieldSelector.matchExpressions ([][NodeSelectorRequirement](../common-definitions/node-selector-requirement#nodeselectorrequirement))

            A list of field selector requirements.

        • spec.overrideRules.targetCluster.labelSelector (LabelSelector)

          LabelSelector is a filter to select member clusters by labels. If non-nil and non-empty, only the clusters match this filter will be selected.

    • spec.overriders (Overriders)

      Overriders represents the override rules that would apply on resources

      Deprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead.

      *Overriders offers various alternatives to represent the override rules.

      If more than one alternative exists, they will be applied with following order: - ImageOverrider - CommandOverrider - ArgsOverrider - LabelsOverrider - AnnotationsOverrider - FieldOverrider - Plaintext*

      • spec.overriders.annotationsOverrider ([]LabelAnnotationOverrider)

        AnnotationsOverrider represents the rules dedicated to handling workload annotations

        LabelAnnotationOverrider represents the rules dedicated to handling workload labels/annotations

        • spec.overriders.annotationsOverrider.operator (string), required

          Operator represents the operator which will apply on the workload.

        • spec.overriders.annotationsOverrider.value (map[string]string), required

          Value to be applied to annotations/labels of workload. Items in Value which will be appended after annotations/labels when Operator is ‘add’. Items in Value which match in annotations/labels will be deleted when Operator is ‘remove’. Items in Value which match in annotations/labels will be replaced when Operator is ‘replace’.

      • spec.overriders.argsOverrider ([]CommandArgsOverrider)

        ArgsOverrider represents the rules dedicated to handling container args

        CommandArgsOverrider represents the rules dedicated to handling command/args overrides.

        • spec.overriders.argsOverrider.containerName (string), required

          The name of container

        • spec.overriders.argsOverrider.operator (string), required

          Operator represents the operator which will apply on the command/args.

        • spec.overriders.argsOverrider.value ([]string)

          Value to be applied to command/args. Items in Value which will be appended after command/args when Operator is ‘add’. Items in Value which match in command/args will be deleted when Operator is ‘remove’. If Value is empty, then the command/args will remain the same.

      • spec.overriders.commandOverrider ([]CommandArgsOverrider)

        CommandOverrider represents the rules dedicated to handling container command

        CommandArgsOverrider represents the rules dedicated to handling command/args overrides.

        • spec.overriders.commandOverrider.containerName (string), required

          The name of container

        • spec.overriders.commandOverrider.operator (string), required

          Operator represents the operator which will apply on the command/args.

        • spec.overriders.commandOverrider.value ([]string)

          Value to be applied to command/args. Items in Value which will be appended after command/args when Operator is ‘add’. Items in Value which match in command/args will be deleted when Operator is ‘remove’. If Value is empty, then the command/args will remain the same.

      • spec.overriders.fieldOverrider ([]FieldOverrider)

        FieldOverrider represents the rules dedicated to modifying a specific field in any Kubernetes resource. This allows changing a single field within the resource with multiple operations. It is designed to handle structured field values such as those found in ConfigMaps or Secrets. The current implementation supports JSON and YAML formats, but can easily be extended to support XML in the future.

        FieldOverrider represents the rules dedicated to modifying a specific field in any Kubernetes resource. This allows changing a single field within the resource with multiple operations. It is designed to handle structured field values such as those found in ConfigMaps or Secrets. The current implementation supports JSON and YAML formats, but can easily be extended to support XML in the future. Note: In any given instance, FieldOverrider processes either JSON or YAML fields, but not both simultaneously.

        • spec.overriders.fieldOverrider.fieldPath (string), required

          FieldPath specifies the initial location in the instance document where the operation should take place. The path uses RFC 6901 for navigating into nested structures. For example, the path “/data/db-config.yaml” specifies the configuration data key named “db-config.yaml” in a ConfigMap: “/data/db-config.yaml”.

        • spec.overriders.fieldOverrider.json ([]JSONPatchOperation)

          JSON represents the operations performed on the JSON document specified by the FieldPath.

          JSONPatchOperation represents a single field modification operation for JSON format.

          • spec.overriders.fieldOverrider.json.operator (string), required

            Operator indicates the operation on target field. Available operators are: “add”, “remove”, and “replace”.

          • spec.overriders.fieldOverrider.json.subPath (string), required

            SubPath specifies the relative location within the initial FieldPath where the operation should take place. The path uses RFC 6901 for navigating into nested structures.

          • spec.overriders.fieldOverrider.json.value (JSON)

            Value is the new value to set for the specified field if the operation is “add” or “replace”. For “remove” operation, this field is ignored.

            JSON represents any valid JSON value. These types are supported: bool, int64, float64, string, []interface[], map[string]interface[] and nil.

        • spec.overriders.fieldOverrider.yaml ([]YAMLPatchOperation)

          YAML represents the operations performed on the YAML document specified by the FieldPath.

          YAMLPatchOperation represents a single field modification operation for YAML format.

          • spec.overriders.fieldOverrider.yaml.operator (string), required

            Operator indicates the operation on target field. Available operators are: “add”, “remove”, and “replace”.

          • spec.overriders.fieldOverrider.yaml.subPath (string), required

            SubPath specifies the relative location within the initial FieldPath where the operation should take place. The path uses RFC 6901 for navigating into nested structures.

          • spec.overriders.fieldOverrider.yaml.value (JSON)

            Value is the new value to set for the specified field if the operation is “add” or “replace”. For “remove” operation, this field is ignored.

            JSON represents any valid JSON value. These types are supported: bool, int64, float64, string, []interface[], map[string]interface[] and nil.

      • spec.overriders.imageOverrider ([]ImageOverrider)

        ImageOverrider represents the rules dedicated to handling image overrides.

        ImageOverrider represents the rules dedicated to handling image overrides.

        • spec.overriders.imageOverrider.component (string), required

          Component is part of image name. Basically we presume an image can be made of ‘[registry/]repository[:tag]‘. The registry could be: - registry.k8s.io - fictional.registry.example:10443 The repository could be: - kube-apiserver - fictional/nginx The tag cloud be: - latest - v1.19.1 - @sha256:dbcc1c35ac38df41fd2f5e4130b32ffdb93ebae8b3dbe638c23575912276fc9c

        • spec.overriders.imageOverrider.operator (string), required

          Operator represents the operator which will apply on the image.

        • spec.overriders.imageOverrider.predicate (ImagePredicate)

          Predicate filters images before applying the rule.

          Defaults to nil, in that case, the system will automatically detect image fields if the resource type is Pod, ReplicaSet, Deployment, StatefulSet, DaemonSet or Job by following rule:

          • Pod: /spec/containers/<N>/image
          • ReplicaSet: /spec/template/spec/containers/<N>/image
          • Deployment: /spec/template/spec/containers/<N>/image
          • DaemonSet: /spec/template/spec/containers/<N>/image
          • StatefulSet: /spec/template/spec/containers/<N>/image
          • Job: /spec/template/spec/containers/<N>/image In addition, all images will be processed if the resource object has more than one container.

          If not nil, only images matches the filters will be processed.

          ImagePredicate describes images filter.

          • spec.overriders.imageOverrider.predicate.path (string), required

            Path indicates the path of target field

        • spec.overriders.imageOverrider.value (string)

          Value to be applied to image. Must not be empty when operator is ‘add’ or ‘replace’. Defaults to empty and ignored when operator is ‘remove’.

      • spec.overriders.labelsOverrider ([]LabelAnnotationOverrider)

        LabelsOverrider represents the rules dedicated to handling workload labels

        LabelAnnotationOverrider represents the rules dedicated to handling workload labels/annotations

        • spec.overriders.labelsOverrider.operator (string), required

          Operator represents the operator which will apply on the workload.

        • spec.overriders.labelsOverrider.value (map[string]string), required

          Value to be applied to annotations/labels of workload. Items in Value which will be appended after annotations/labels when Operator is ‘add’. Items in Value which match in annotations/labels will be deleted when Operator is ‘remove’. Items in Value which match in annotations/labels will be replaced when Operator is ‘replace’.

      • spec.overriders.plaintext ([]PlaintextOverrider)

        Plaintext represents override rules defined with plaintext overriders.

        PlaintextOverrider is a simple overrider that overrides target fields according to path, operator and value.

        • spec.overriders.plaintext.operator (string), required

          Operator indicates the operation on target field. Available operators are: add, replace and remove.

        • spec.overriders.plaintext.path (string), required

          Path indicates the path of target field

        • spec.overriders.plaintext.value (JSON)

          Value to be applied to target field. Must be empty when operator is Remove.

          JSON represents any valid JSON value. These types are supported: bool, int64, float64, string, []interface[], map[string]interface[] and nil.

    • spec.resourceSelectors ([]ResourceSelector)

      ResourceSelectors restricts resource types that this override policy applies to. nil means matching all resources.

      ResourceSelector the resources will be selected.

      • spec.resourceSelectors.apiVersion (string), required

        APIVersion represents the API version of the target resources.

      • spec.resourceSelectors.kind (string), required

        Kind represents the Kind of the target resources.

      • spec.resourceSelectors.labelSelector (LabelSelector)

        A label query over a set of resources. If name is not empty, labelSelector will be ignored.

      • spec.resourceSelectors.name (string)

        Name of the target resource. Default is empty, which means selecting all resources.

      • spec.resourceSelectors.namespace (string)

        Namespace of the target resource. Default is empty, which means inherit from the parent object scope.

    • spec.targetCluster (ClusterAffinity)

      TargetCluster defines restrictions on this override policy that only applies to resources propagated to the matching clusters. nil means matching all clusters.

      Deprecated: This filed is deprecated in v1.0 and please use the OverrideRules instead.

      ClusterAffinity represents the filter to select clusters.

      • spec.targetCluster.clusterNames ([]string)

        ClusterNames is the list of clusters to be selected.

      • spec.targetCluster.exclude ([]string)

        ExcludedClusters is the list of clusters to be ignored.

      • spec.targetCluster.fieldSelector (FieldSelector)

        FieldSelector is a filter to select member clusters by fields. The key(field) of the match expression should be ‘provider’, ‘region’, or ‘zone’, and the operator of the match expression should be ‘In’ or ‘NotIn’. If non-nil and non-empty, only the clusters match this filter will be selected.

        FieldSelector is a field filter.

        • spec.targetCluster.fieldSelector.matchExpressions ([][NodeSelectorRequirement](../common-definitions/node-selector-requirement#nodeselectorrequirement))

          A list of field selector requirements.

      • spec.targetCluster.labelSelector (LabelSelector)

        LabelSelector is a filter to select member clusters by labels. If non-nil and non-empty, only the clusters match this filter will be selected.

ClusterOverridePolicyList

ClusterOverridePolicyList is a collection of ClusterOverridePolicy.


  • apiVersion: policy.karmada.io/v1alpha1

  • kind: ClusterOverridePolicyList

  • metadata (ListMeta)

  • items ([][ClusterOverridePolicy](../policy-resources/cluster-override-policy-v1alpha1#clusteroverridepolicy)), required

    Items holds a list of ClusterOverridePolicy.

Operations


get read the specified ClusterOverridePolicy

HTTP Request

GET /apis/policy.karmada.io/v1alpha1/clusteroverridepolicies/{name}

Parameters

  • name (in path): string, required

    name of the ClusterOverridePolicy

  • pretty (in query): string

    pretty

Response

200 (ClusterOverridePolicy): OK

get read status of the specified ClusterOverridePolicy

HTTP Request

GET /apis/policy.karmada.io/v1alpha1/clusteroverridepolicies/{name}/status

Parameters

  • name (in path): string, required

    name of the ClusterOverridePolicy

  • pretty (in query): string

    pretty

Response

200 (ClusterOverridePolicy): OK

list list or watch objects of kind ClusterOverridePolicy

HTTP Request

GET /apis/policy.karmada.io/v1alpha1/clusteroverridepolicies

Parameters

Response

200 (ClusterOverridePolicyList): OK

create create a ClusterOverridePolicy

HTTP Request

POST /apis/policy.karmada.io/v1alpha1/clusteroverridepolicies

Parameters

Response

200 (ClusterOverridePolicy): OK

201 (ClusterOverridePolicy): Created

202 (ClusterOverridePolicy): Accepted

update replace the specified ClusterOverridePolicy

HTTP Request

PUT /apis/policy.karmada.io/v1alpha1/clusteroverridepolicies/{name}

Parameters

Response

200 (ClusterOverridePolicy): OK

201 (ClusterOverridePolicy): Created

update replace status of the specified ClusterOverridePolicy

HTTP Request

PUT /apis/policy.karmada.io/v1alpha1/clusteroverridepolicies/{name}/status

Parameters

Response

200 (ClusterOverridePolicy): OK

201 (ClusterOverridePolicy): Created

patch partially update the specified ClusterOverridePolicy

HTTP Request

PATCH /apis/policy.karmada.io/v1alpha1/clusteroverridepolicies/{name}

Parameters

  • name (in path): string, required

    name of the ClusterOverridePolicy

  • body: Patch, required

  • dryRun (in query): string

    dryRun

  • fieldManager (in query): string

    fieldManager

  • fieldValidation (in query): string

    fieldValidation

  • force (in query): boolean

    force

  • pretty (in query): string

    pretty

Response

200 (ClusterOverridePolicy): OK

201 (ClusterOverridePolicy): Created

patch partially update status of the specified ClusterOverridePolicy

HTTP Request

PATCH /apis/policy.karmada.io/v1alpha1/clusteroverridepolicies/{name}/status

Parameters

  • name (in path): string, required

    name of the ClusterOverridePolicy

  • body: Patch, required

  • dryRun (in query): string

    dryRun

  • fieldManager (in query): string

    fieldManager

  • fieldValidation (in query): string

    fieldValidation

  • force (in query): boolean

    force

  • pretty (in query): string

    pretty

Response

200 (ClusterOverridePolicy): OK

201 (ClusterOverridePolicy): Created

delete delete a ClusterOverridePolicy

HTTP Request

DELETE /apis/policy.karmada.io/v1alpha1/clusteroverridepolicies/{name}

Parameters

Response

200 (Status): OK

202 (Status): Accepted

deletecollection delete collection of ClusterOverridePolicy

HTTP Request

DELETE /apis/policy.karmada.io/v1alpha1/clusteroverridepolicies

Parameters

Response

200 (Status): OK