tigera · penkeysuresh · Jan 6, 2025 · Jan 8, 2025 · Jan 8, 2025 · Jan 8, 2025
@@ -186,4 +186,12 @@ resources:
   kind: GatewayAPI
   path: github.com/tigera/operator/api/v1
   version: v1
+- api:
+    crdVersion: v1
+  controller: true
+  domain: tigera.io
+  group: operator.tigera.io
+  kind: ComplianceConfigurationSecurity
+  path: github.com/tigera/operator/api/v1
+  version: v1
 version: "3"
@@ -0,0 +1,65 @@
+// Copyright (c) 2025 Tigera, Inc. All rights reserved.
+/*
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in CCS with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+	v1 "k8s.io/api/core/v1"
+)
+
+// CCSAPIDeployment is the configuration for the CCS API Deployment.
+type CCSAPIDeployment struct {
+	// Spec is the specification of the CCS API Deployment.
+	// +optional
+	Spec *CCSAPIDeploymentSpec `json:"spec,omitempty"`
+}
+
+// CCSAPIDeploymentSpec defines configuration for the CCS API Deployment.
+type CCSAPIDeploymentSpec struct {
+	// Template describes the CCS API Deployment pod that will be created.
+	// +optional
+	Template *CCSAPIDeploymentPodTemplateSpec `json:"template,omitempty"`
+}
+
+// CCSAPIDeploymentPodTemplateSpec is the CCS API Deployment's PodTemplateSpec
+type CCSAPIDeploymentPodTemplateSpec struct {
+	// Spec is the CCS API Deployment's PodSpec.
+	// +optional
+	Spec *CCSAPIDeploymentPodSpec `json:"spec,omitempty"`
+}
+
+// CCSAPIDeploymentPodSpec is the CCS API Deployment's PodSpec.
+type CCSAPIDeploymentPodSpec struct {
+	// Containers is a list of CCS API containers.
+	// If specified, this overrides the specified CCS API Deployment containers.
+	// If omitted, the CCS API Deployment will use its default values for its containers.
+	// +optional
+	Containers []CCSAPIDeploymentContainer `json:"containers,omitempty"`
+}
+
+// CCSAPIDeploymentContainer is a CCS API Deployment container.
+type CCSAPIDeploymentContainer struct {
+	// Name is an enum which identifies the CCS API Deployment container by name.
+	// Supported values are: tigera-ccs-api
+	// +kubebuilder:validation:Enum=tigera-ccs-api
+	Name string `json:"name"`
+
+	// Resources allows customization of limits and requests for compute resources such as cpu and memory.
+	// If specified, this overrides the named CCS API Deployment container's resources.
+	// If omitted, the CCS API Deployment will use its default value for this container's resources.
+	// +optional
+	Resources *v1.ResourceRequirements `json:"resources,omitempty"`
+}
@@ -0,0 +1,65 @@
+// Copyright (c) 2025 Tigera, Inc. All rights reserved.
+/*
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in CCS with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+	v1 "k8s.io/api/core/v1"
+)
+
+// CCSControllerDeployment is the configuration for the CCS controller Deployment.
+type CCSControllerDeployment struct {
+	// Spec is the specification of the CCS controller Deployment.
+	// +optional
+	Spec *CCSControllerDeploymentSpec `json:"spec,omitempty"`
+}
+
+// CCSControllerDeploymentSpec defines configuration for the CCS controller Deployment.
+type CCSControllerDeploymentSpec struct {
+	// Template describes the CCS controller Deployment pod that will be created.
+	// +optional
+	Template *CCSControllerDeploymentPodTemplateSpec `json:"template,omitempty"`
+}
+
+// CCSControllerDeploymentPodTemplateSpec is the CCS controller Deployment's PodTemplateSpec
+type CCSControllerDeploymentPodTemplateSpec struct {
+	// Spec is the CCS controller Deployment's PodSpec.
+	// +optional
+	Spec *CCSControllerDeploymentPodSpec `json:"spec,omitempty"`
+}
+
+// CCSControllerDeploymentPodSpec is the CCS controller Deployment's PodSpec.
+type CCSControllerDeploymentPodSpec struct {
+	// Containers is a list of CCS controller containers.
+	// If specified, this overrides the specified CCS controller Deployment containers.
+	// If omitted, the CCS controller Deployment will use its default values for its containers.
+	// +optional
+	Containers []CCSControllerDeploymentContainer `json:"containers,omitempty"`
+}
+
+// CCSControllerDeploymentContainer is a CCS controller Deployment container.
+type CCSControllerDeploymentContainer struct {
+	// Name is an enum which identifies the CCS controller Deployment container by name.
+	// Supported values are: tigera-ccs-controller
+	// +kubebuilder:validation:Enum=tigera-ccs-controller
+	Name string `json:"name"`
+
+	// Resources allows customization of limits and requests for compute resources such as cpu and memory.
+	// If specified, this overrides the named CCS controller Deployment container's resources.
+	// If omitted, the CCS controller Deployment will use its default value for this container's resources.
+	// +optional
+	Resources *v1.ResourceRequirements `json:"resources,omitempty"`
+}
@@ -0,0 +1,72 @@
+// Copyright (c) 2025 Tigera, Inc. All rights reserved.
+/*
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// ComplianceConfigurationSecuritySpec defines the desired state of ComplianceConfigurationSecurity
+type ComplianceConfigurationSecuritySpec struct {
+	// This controls the deployment of the CCS controller.
+	CCSControllerDeployment *CCSControllerDeployment `json:"ccsControllerDeployment,omitempty"`
+
+	// This controls the deployment of the CCS API.
+	CCSAPIDeployment *CCSAPIDeployment `json:"ccsAPIDeployment,omitempty"`
+}
+
+// ComplianceConfigurationSecurityStatus defines the observed state of ComplianceConfigurationSecurity
+type ComplianceConfigurationSecurityStatus struct {
+	// State provides user-readable status.
+	State string `json:"state,omitempty"`
+
+	// Conditions represents the latest observed set of conditions for the component. A component may be one or more of
+	// Ready, Progressing, Degraded or other customer types.
+	// +optional
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:scope=Cluster
+
+// ComplianceConfigurationSecurity is the Schema for the complianceconfigurationsecurities API
+type ComplianceConfigurationSecurity struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Specification of the desired state for CCS.
+	Spec ComplianceConfigurationSecuritySpec `json:"spec,omitempty"`
+	// Most recently observed state for CCS.
+	Status ComplianceConfigurationSecurityStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// ComplianceConfigurationSecurityList contains a list of ComplianceConfigurationSecurity
+type ComplianceConfigurationSecurityList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []ComplianceConfigurationSecurity `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&ComplianceConfigurationSecurity{}, &ComplianceConfigurationSecurityList{})
+}