Application Domain
The Application domain provides a Kubernetes-native abstraction for managing applications within the Control Plane. An Application logically groups together all the API exposures, subscriptions, and event configurations for a single service.
Custom Resources
Application
Application is the Schema for the applications API
Group: application.cp.ei.telekom.de · Version: v1 · Scope: Namespaced
ApplicationSpec
Appears in: Application
ApplicationSpec defines the desired state of Application
| Field | Type | Default | Validation |
|---|---|---|---|
| failoverZones | FailoverZone[] | — | Optional |
| needsClient | boolean | true | Required |
| needsConsumer | boolean | true | Required |
| secret | string | — | Required, minLength: 1 |
| security | Security | — | Optional |
| team | string | — | Required, minLength: 1, maxLength: 64 |
| teamEmail | string | — | Required, Format: email, minLength: 1, maxLength: 64 |
| zone | FailoverZone | — | Required |
FailoverZone
Appears in: ApplicationSpec, ApplicationStatus
FailoverZones are the zones which can be used by the application in case of a failure in the primary zone
| Field | Type | Default | Validation |
|---|---|---|---|
| name | string | — | Required |
| namespace | string | — | Required |
| uid | string | — | Optional |
Security
Appears in: ApplicationSpec
Security defines the security configuration for the application
| Field | Type | Default | Validation |
|---|---|---|---|
| ipRestrictions | IpRestrictions | — | Optional |
IpRestrictions
Appears in: Security
| Field | Type | Default | Validation |
|---|---|---|---|
| allow | string[] | — | Optional |
| deny | string[] | — | Optional |
ApplicationStatus
Appears in: Application
ApplicationStatus defines the observed state of Application
| Field | Type | Default | Validation |
|---|---|---|---|
| clientId | string | — | Required |
| clientSecret | string | — | Required |
| clients | FailoverZone[] | — | Optional |
| conditions | Condition[] | — | Optional |
| consumers | FailoverZone[] | — | Optional |
Condition
Appears in: ApplicationStatus
| Field | Type | Default | Validation |
|---|---|---|---|
| lastTransitionTime | string | — | Required, Format: date-time |
| message | string | — | Required, maxLength: 32768 |
| observedGeneration | integer | — | Optional, Format: int64, minimum: 0 |
| reason | string | — | Required, minLength: 1, maxLength: 1024, pattern: `^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$` |
| status | string | — | Required, Enum: True \| False \| Unknown |
| type | string | — | Required, maxLength: 316, pattern: `^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` |
Provisioning
When an Application is created with needsClient: true and needsConsumer: true, the operator:
- Creates an Identity Client with the client ID {team}--{application-name}
- Creates a Gateway Consumer so the application can be identified at the API gateway
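A pre-submission check for the string constraints in the ApplicationSpec table, plus the client ID the operator is documented to derive. This is an added example, not code from the project: the struct, function names and sample values are assumptions, and the email check only approximates the API server's `Format: email` validation.

```go
package main

import (
	"fmt"
	"net/mail"
)

// ApplicationSpec here holds only the string fields that carry length
// constraints in the table above (hypothetical type, not the operator's).
type ApplicationSpec struct {
	Team, TeamEmail, Secret string
}

// ExpectedClientID applies the documented {team}--{application-name} format.
func ExpectedClientID(team, appName string) string {
	return team + "--" + appName
}

// ValidateSpec returns one message per violated documented constraint.
func ValidateSpec(s ApplicationSpec) []string {
	var errs []string
	// check enforces minLength 1 and, when max > 0, maxLength in characters.
	check := func(field, v string, max int) {
		n := len([]rune(v))
		if n < 1 {
			errs = append(errs, field+": required, minLength 1")
		} else if max > 0 && n > max {
			errs = append(errs, fmt.Sprintf("%s: exceeds maxLength %d", field, max))
		}
	}
	check("team", s.Team, 64)
	check("teamEmail", s.TeamEmail, 64)
	check("secret", s.Secret, 0)
	if s.TeamEmail != "" {
		// Reject display-name forms such as "Name <a@b>"; only a bare address passes.
		if a, err := mail.ParseAddress(s.TeamEmail); err != nil || a.Address != s.TeamEmail {
			errs = append(errs, "teamEmail: not a bare email address")
		}
	}
	return errs
}

func main() {
	// Constructed sample values, not taken from a real deployment.
	good := ApplicationSpec{Team: "payments", TeamEmail: "payments@example.com", Secret: "placeholder"}
	bad := ApplicationSpec{Team: "", TeamEmail: "Payments <payments@example.com>", Secret: "x"}
	fmt.Println(ValidateSpec(good), ExpectedClientID(good.Team, "checkout"))
	fmt.Println(ValidateSpec(bad))
}
```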
Domain Interactions
- Rover domain — Rover files create Application resources as part of the reconciliation process.
- Identity domain — The Application operator creates identity clients.
- Gateway domain — The Application operator creates gateway consumers.
- Secret Manager — Handles credential storage for application clients.