Admin Domain

The Admin domain manages the foundational infrastructure of the Control Plane — environments, zones, and remote organizations. These resources define where applications are deployed and how different cloud environments are connected.

This domain is typically managed by platform administrators, not application teams.

Custom Resources

Environment

Environment is the Schema for the environments API

Group: admin.cp.ei.telekom.de · Version: v1 · Scope: Namespaced

EnvironmentSpec

Appears in: Environment

EnvironmentSpec defines the desired state of Environment

Field	Type	Default	Validation
`foo`	string	—	Optional

EnvironmentStatus

Appears in: Environment

EnvironmentStatus defines the observed state of Environment

Field	Type	Default	Validation
`conditions`	Condition[]	—	Optional

Condition

Appears in: EnvironmentStatus, RemoteOrganizationStatus, ZoneStatus

Field	Type	Default	Validation
`lastTransitionTime`	string	—	Required, Format: date-time
`message`	string	—	Required, maxLength: 32768
`observedGeneration`	integer	—	Optional, Format: int64, minimum: 0
`reason`	string	—	Required, minLength: 1, maxLength: 1024, pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
`status`	string	—	Required, Enum: True \\| False \\| Unknown
`type`	string	—	Required, maxLength: 316, pattern: ^([a-z0-9]([-a-z0-9][a-z0-9])?(\.[a-z0-9]([-a-z0-9][a-z0-9])?)/)?(([A-Za-z0-9][-A-Za-z0-9_.])?[A-Za-z0-9])$

RemoteOrganization

RemoteOrganization is the Schema for the remoteorganizations API

Group: admin.cp.ei.telekom.de · Version: v1 · Scope: Namespaced

RemoteOrganizationSpec

Appears in: RemoteOrganization

RemoteOrganizationSpec defines the desired state of RemoteOrganization

Field	Type	Default	Validation
`clientId`	string	—	Required
`clientSecret`	string	—	Required
`id`	string	—	Required
`issuerUrl`	string	—	Required
`url`	string	—	Required
`zone`	ObjectRef	—	Required

ObjectRef

Appears in: RemoteOrganizationSpec, ZoneStatus

ObjectRef is a reference to a Kubernetes object It is similar to types.NamespacedName but has the required json tags for serialization

Field	Type	Default	Validation
`name`	string	—	Required
`namespace`	string	—	Required
`uid`	string	—	Optional

RemoteOrganizationStatus

Appears in: RemoteOrganization

RemoteOrganizationStatus defines the observed state of RemoteOrganization

Field	Type	Default	Validation
`conditions`	Condition[]	—	Optional
`namespace`	string	—	Required

Zone

Zone is the Schema for the zones API Group is the Schema for the groups API.

Group: admin.cp.ei.telekom.de · Version: v1 · Scope: Namespaced

ZoneSpec

Appears in: Zone

ZoneSpec defines the desired state of Zone

Field	Type	Default	Validation
`gateway`	Gateway	—	Required
`identityProvider`	IdentityProvider	—	Required
`redis`	Redis	—	Required
`teamApis`	TeamApis	—	Optional
`visibility`	string	—	Required, Enum: World \\| Enterprise

Gateway

Appears in: ZoneSpec

Field	Type	Default	Validation
`admin`	Admin	—	Required
`circuitBreaker`	boolean	—	Required
`url`	string	—	Required

Admin

Appears in: Gateway

Field	Type	Default	Validation
`clientSecret`	string	—	Required
`url`	string	—	Optional

IdentityProvider

Appears in: ZoneSpec

Field	Type	Default	Validation
`admin`	ZoneAdmin	—	Required
`url`	string	—	Required

ZoneAdmin

Appears in: IdentityProvider

Field	Type	Default	Validation
`clientId`	string	—	Required
`password`	string	—	Required
`url`	string	—	Optional
`userName`	string	—	Required

Redis

Appears in: ZoneSpec

Field	Type	Default	Validation
`enableTLS`	boolean	—	Required
`host`	string	—	Required
`password`	string	—	Required
`port`	integer	—	Required

TeamApis

Appears in: ZoneSpec

Field	Type	Default	Validation
`apis`	Api[]	—	Required

Api

Appears in: TeamApis

Field	Type	Default	Validation
`name`	string	—	Required, pattern: ^[a-z0-9]+(-?[a-z0-9]+)*$
`path`	string	—	Required, pattern: ^/.*$
`url`	string	—	Required, Format: uri

ZoneStatus

Appears in: Zone

ZoneStatus defines the observed state of Zone

Field	Type	Default	Validation
`conditions`	Condition[]	—	Optional
`gateway`	ObjectRef	—	Optional
`gatewayClient`	ObjectRef	—	Optional
`gatewayConsumer`	ObjectRef	—	Optional
`gatewayRealm`	ObjectRef	—	Optional
`identityProvider`	ObjectRef	—	Optional
`identityRealm`	ObjectRef	—	Optional
`links`	Links	—	Optional
`namespace`	string	—	Optional
`teamApiGatewayRealm`	ObjectRef	—	Optional
`teamApiIdentityRealm`	ObjectRef	—	Optional
`teamApiRoutes`	ObjectRef[]	—	Optional

Links

Appears in: ZoneStatus

Field	Type	Default	Validation
`gatewayIssuer`	string	—	Required, Format: uri
`gatewayLmsIssuer`	string	—	Optional, Format: uri
`gatewayUrl`	string	—	Required, Format: uri
`teamApiIssuer`	string	—	Optional, Format: uri

Domain Interactions

Gateway domain — Zones define which gateway instance is used. The Gateway operator reads the zone's gateway configuration when provisioning routes.
Identity domain — Zones define which identity provider is used. The Identity operator reads the zone's IDP configuration when provisioning clients and realms.
Organization domain — Teams are created within environments. Zones determine where team resources are provisioned.
Event domain — EventConfig resources reference zones for event routing and meshing.

Custom Resources​

Environment​

EnvironmentSpec​

EnvironmentStatus​

Condition​

RemoteOrganization​

RemoteOrganizationSpec​

ObjectRef​

RemoteOrganizationStatus​

Zone​

ZoneSpec​

Gateway​

Admin​

IdentityProvider​

ZoneAdmin​

Redis​

TeamApis​

Api​

ZoneStatus​

Links​

Domain Interactions​

Related Pages​

Custom Resources

Environment

EnvironmentSpec

EnvironmentStatus

Condition

RemoteOrganization

RemoteOrganizationSpec

ObjectRef

RemoteOrganizationStatus

Zone

ZoneSpec

Gateway

Admin

IdentityProvider

ZoneAdmin

Redis

TeamApis

Api

ZoneStatus

Links

Domain Interactions

Related Pages