/// RestateCluster describes the configuration and status of a Restate cluster.
///
/// This module was generated from the CustomResourceDefinition at <file:./crd/restateclusters.yaml>.
module dev.restate.v1.RestateCluster
extends "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/K8sResource.pkl"
import "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/apimachinery/pkg/apis/meta/v1/ObjectMeta.pkl"
import "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/api/core/v1/PodSpec.pkl"
import "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/api/core/v1/EnvVar.pkl"
import "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/api/core/v1/LocalObjectReference.pkl"
import "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/api/core/v1/ResourceRequirements.pkl"
import "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/api/core/v1/Toleration.pkl"
import "package://pkg.pkl-lang.org/pkl-k8s/k8s@1.0.1#/api/networking/v1/NetworkPolicy.pkl"
/// API group and version of this resource. Declared `fixed`, so it cannot be overridden when amending.
fixed apiVersion: "restate.dev/v1"
/// Resource kind. Declared `fixed`, so it cannot be overridden when amending.
fixed kind: "RestateCluster"
/// Standard object's metadata.
///
/// More info: <https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata>.
metadata: ObjectMeta?
/// Represents the configuration of a Restate Cluster. Required: the type is not nullable.
spec: Spec
/// Status of the RestateCluster. This is set and managed automatically. Read-only. More info:
/// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
status: Status?
/// Represents the configuration of a Restate Cluster.
///
/// `compute` and `storage` are required; every other property is optional.
class Spec {
/// clusterName sets the RESTATE_CLUSTER_NAME environment variable. Defaults to the object name.
clusterName: String?
/// Cluster-wide configuration options
cluster: Cluster?
/// Compute configuration
compute: Compute
// NOTE(review): this text is part of the resource spec, so it is readable by anyone who can read
// RestateCluster objects. Keep credentials out of it unless the operator is confirmed to store the
// rendered file in a Secret.
/// TOML-encoded Restate config file
config: String?
/// Security configuration. Optional; the per-setting defaults are described on [Security].
security: Security?
/// Storage configuration
storage: Storage
}
/// Cluster-wide configuration options
class Cluster {
// NOTE(review): [NetworkPeers.node] describes the node port as used for "operator access for
// provisioning", so the operator presumably needs to reach that port for this call to succeed;
// confirm whether the operator adds that access itself when network policies are enabled.
/// Whether the operator should automatically provision the cluster.
/// When enabled, the operator will call the Restate gRPC ProvisionCluster API after pods are running.
/// Defaults to false for backwards compatibility.
autoProvision: Boolean?
}
/// Compute configuration
///
/// Pod-level settings for the Restate container. Only `image` is required.
class Compute {
/// If specified, pod affinity
affinity: PodSpec.Affinity?
/// Arguments to the entrypoint. The container image's CMD is used if this is not provided.
args: Listing<String>?
/// Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is
/// not provided.
command: Listing<String>?
/// Specifies the DNS parameters of the Restate pod. Parameters specified here will be merged to the
/// generated DNS configuration based on DNSPolicy.
dnsConfig: PodSpec.PodDNSConfig?
// The type is a plain String, so this module does not reject values outside the list below;
// presumably validation happens server-side.
/// Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet',
/// 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the
/// policy selected with DNSPolicy.
dnsPolicy: String?
// NOTE(review): literal EnvVar values are stored in the resource spec. For sensitive values prefer an
// EnvVar that references a Secret (valueFrom.secretKeyRef) over an inline value.
/// List of environment variables to set in the container; these may override defaults
env: Listing<EnvVar>?
// NOTE(review): a tag can be re-pointed at different content; referencing the image by digest pins
// exactly what runs.
/// Container image name. More info: https://kubernetes.io/docs/concepts/containers/images.
image: String
// The type is a plain String, so this module does not reject values outside the list below;
// presumably validation happens server-side.
/// Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is
/// specified, or IfNotPresent otherwise. More info:
/// https://kubernetes.io/docs/concepts/containers/images#updating-images
imagePullPolicy: String?
/// Optional list of references to secrets in the same namespace to use for pulling the image. More
/// info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
imagePullSecrets: Listing<LocalObjectReference>?
/// If specified, a node selector for the pod
nodeSelector: Mapping<String, String>?
/// replicas is the desired number of Restate nodes. If unspecified, defaults to 1.
replicas: Int?
/// Compute Resources for the Restate container. More info:
/// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
resources: ResourceRequirements?
/// If specified, the pod's tolerations.
tolerations: Listing<Toleration>?
/// TopologySpreadConstraints describes how a group of pods ought to spread across topology domains.
/// Scheduler will schedule pods in a way which abides by the constraints.
topologySpreadConstraints: Listing<PodSpec.TopologySpreadConstraint>?
/// If specified, the pod's priority. PriorityClassName indicates the name of the PriorityClass that
/// should be applied to the Restate pods.
priorityClassName: String?
}
/// Security configuration
///
/// Covers the NetworkPolicies the operator creates, AWS identity and security-group integration,
/// outbound request signing, additional trusted CA certificates, and annotations on the generated
/// ServiceAccount and Service.
class Security {
/// If set to true, add a rule to the allow-admin-access NetworkPolicy allowing traffic from this
/// operator. This is needed when using RestateDeployments which rely on the operator calling the admin
/// API to register your service. Defaults to true.
allowOperatorAccessToAdmin: Boolean?
// NOTE(review): the pod gains whatever permissions this role carries; scope the role to what Restate
// actually needs.
/// If set, create an AWS PodIdentityAssociation using the ACK CRD in order to give the Restate pod
/// access to this role and allow the cluster to reach the Pod Identity agent.
awsPodIdentityAssociationRoleArn: String?
/// If set, create an AWS SecurityGroupPolicy CRD object to place the Restate pod into these security
/// groups
awsPodSecurityGroups: Listing<String>?
// NOTE(review): with this set, the NetworkPolicy-based settings in this class
// (allowOperatorAccessToAdmin, networkEgressRules, networkPeers) presumably no longer restrict any
// traffic, and isolation has to come from policies managed outside the operator. Confirm against the
// operator before enabling.
/// If set, the operator will not create any network policies for this cluster. Defaults to false.
disableNetworkPolicies: Boolean?
// These rules only widen egress: the default described below already allows public internet access,
// so restricting outbound traffic is not something this field can express on its own.
/// Egress rules to allow the cluster to make outbound requests; this is in addition to the default of
/// allowing public internet access, cluster DNS access and pods labelled with
/// `allow.restate.dev/<cluster-name>: "true"`. Providing a single empty rule will allow all outbound
/// traffic - not recommended
networkEgressRules: Listing<NetworkPolicy.NetworkPolicyEgressRule>?
/// Network peers to allow inbound access to restate ports. If unset, will not allow any new traffic.
/// Set any of these to [] to allow all traffic - not recommended.
networkPeers: NetworkPeers?
/// If set, configure the use of a private key to sign outbound requests from this cluster
requestSigningPrivateKey: RequestSigningPrivateKey?
// NOTE(review): ServiceAccount annotations are a common way to bind a cloud IAM identity to a pod, so
// values here can grant permissions; verify what each annotation does before adding it.
/// Annotations to set on the ServiceAccount created for Restate
serviceAccountAnnotations: Mapping<String, String>?
// NOTE(review): every certificate listed here extends the CA bundle described below, so write access
// to the referenced Secrets should be restricted accordingly.
/// Optional list of Secrets containing trusted CA certificates.
/// Each cert is appended to the system CA bundle via an init container.
trustedCaCerts: Listing<TrustedCACert>?
/// Annotations to set on the Service created for Restate
serviceAnnotations: Mapping<String, String>?
}
/// Network peers to allow inbound access to restate ports. If unset, will not allow any new traffic. Set
/// any of these to [] to allow all traffic - not recommended.
///
/// Note the difference between leaving a property unset (null: no new traffic allowed) and setting it
/// to an empty listing (all traffic allowed); the two are easy to confuse when editing.
class NetworkPeers {
// NOTE(review): undocumented in the generated source. Presumably the peers allowed to reach the admin
// API (compare `allowOperatorAccessToAdmin` on Security) — confirm against the CRD.
admin: Listing<NetworkPolicy.NetworkPolicyPeer>?
// NOTE(review): undocumented in the generated source. Presumably the peers allowed to reach the
// Restate ingress port — confirm against the CRD.
ingress: Listing<NetworkPolicy.NetworkPolicyPeer>?
/// Network peers to allow inbound access to the node port (5122).
/// This is used for inter-cluster communication and operator access for provisioning.
node: Listing<NetworkPolicy.NetworkPolicyPeer>?
/// Deprecated: use `node` instead. If both are set, `node` takes precedence.
metrics: Listing<NetworkPolicy.NetworkPolicyPeer>?
}
/// If set, configure the use of a private key to sign outbound requests from this cluster
///
/// The key is supplied by reference, either from a Kubernetes Secret or through a CSI secret provider;
/// the key material itself is never a property of this class.
class RequestSigningPrivateKey {
// NOTE(review): `secret` and `secretProvider` are both nullable here, so this module accepts neither
// or both being set; presumably exactly one is expected — confirm against the CRD validation.
/// A Kubernetes Secret source for the private key
secret: Secret?
/// A CSI secret provider source for the private key; will create a SecretProviderClass.
secretProvider: SecretProvider?
/// The version of Restate request signing that the key is for; currently only "v1" accepted.
// The type is a plain String, so values other than "v1" are not rejected by this module.
version: String
}
/// A Kubernetes Secret source for the private key
///
/// Both properties are required: the Secret is identified by name and the entry within it by key.
class Secret {
/// The key of the secret to select from. Must be a valid secret key.
key: String
// NOTE(review): no namespace property exists on this class, so the Secret is presumably looked up in
// the namespace the operator uses for this cluster — confirm.
/// Name of the secret.
secretName: String
}
/// A CSI secret provider source for the private key; will create a SecretProviderClass.
///
/// Only `path` is required.
class SecretProvider {
// NOTE(review): these are free-form string pairs passed as provider configuration; they live in the
// resource spec, so they should hold references to the secret, not secret values — confirm per provider.
/// Configuration for specific provider
parameters: Mapping<String, String>?
/// The path of the private key relative to the root of the mounted volume
path: String
/// Configuration for provider name
provider: String?
}
/// A reference to a Secret containing a trusted CA certificate.
///
/// Used as the element type of `trustedCaCerts` on Security, where each referenced certificate is
/// described as being appended to the system CA bundle.
class TrustedCACert {
/// Name of the Secret containing the CA certificate
secretName: String
/// Key within the Secret that contains the PEM-encoded certificate
key: String
}
/// Storage configuration
///
/// Only `storageRequestBytes` is required.
class Storage {
/// storageClassName is the name of the StorageClass required by the claim. More info:
/// https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1. This field is immutable
storageClassName: String?
/// storageRequestBytes is the amount of storage to request in volume claims. It is allowed to increase
/// but not decrease.
// The type constraint rejects values below 1. The increase-only rule above is not expressed in this
// type, so it is presumably enforced elsewhere (for example by the CRD or the operator).
storageRequestBytes: Int(this >= 1.0)
/// volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
volumeAttributesClassName: String?
}
/// Status of the RestateCluster. This is set and managed automatically. Read-only. More info:
/// https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
class Status {
/// Conditions reported for the cluster; see [Condition] for the shape of each entry.
conditions: Listing<Condition>?
/// Whether the cluster has been provisioned by the operator.
/// This is set to true after successful provisioning to avoid repeated provisioning attempts.
provisioned: Boolean?
}
/// A single entry in the `conditions` listing of [Status].
///
/// `status` and `type` are required; the remaining properties are optional.
class Condition {
/// Last time the condition transitioned from one status to another.
// NOTE(review): typed as String; the timestamp format is not stated here — confirm against the CRD.
lastTransitionTime: String?
/// Human-readable message indicating details about last transition.
message: String?
/// Unique, one-word, CamelCase reason for the condition's last transition.
reason: String?
/// Status is the status of the condition. Can be True, False, Unknown.
// The type is a plain String, so this module does not restrict the value to those three.
status: String
/// Type of the condition, known values are (`Ready`).
type: String
}