CRD Reference
All resources use the API group openvox.voxpupuli.org/v1alpha1.
Resource Hierarchy
```mermaid
graph TD
    Cfg["Config"]
    CA["CertificateAuthority"]
    SP["SigningPolicy"]
    NC["NodeClassifier"]
    RP["ReportProcessor"]
    Cert["Certificate"]
    Srv["Server"]
    Pool["Pool"]
    Cfg -->|authorityRef| CA
    Cfg -->|nodeClassifierRef| NC
    Cfg -->|configRef| RP
    CA -->|certificateAuthorityRef| SP
    CA -->|authorityRef| Cert
    Cert -->|certificateRef| Srv
    Cfg -->|configRef| Srv
    Srv -->|poolRefs| Pool
```
Each resource references its parent. The operator reconciles them in order: a Config references a CertificateAuthority via authorityRef and optionally a NodeClassifier via nodeClassifierRef, a CertificateAuthority must be Ready before a Certificate can be signed, and a Certificate must be Signed before a Server creates its Deployment. SigningPolicies and NodeClassifiers can be created at any time and take effect within ~60 seconds.
Resources

| Kind | Short Name | Purpose |
|---|---|---|
| Config | cfg | Shared config (puppet.conf, auth.conf), PuppetDB connection |
| CertificateAuthority | ca | CA infrastructure: PVC, keys, 3 CA Secrets (cert, key, CRL) |
| SigningPolicy | sp | Declarative CSR signing policy for a CA |
| NodeClassifier | nc | External Node Classifier (ENC) endpoint |
| Certificate | cert | Lifecycle of a single certificate (request, sign) |
| Server | - | OpenVox Server Deployment (CA and/or server role) |
| Pool | - | Networking resource: Service for Servers that reference this Pool |
| ReportProcessor | rp | Webhook-based report forwarding endpoint |
Shared Types
These types are reused across multiple CRDs.
ImageSpec

| Field | Type | Default | Description |
|---|---|---|---|
| repository | string | ghcr.io/slauger/openvox-server | Container image repository |
| tag | string | latest | Container image tag |
| pullPolicy | string | IfNotPresent | Image pull policy |
| pullSecrets | []LocalObjectReference | - | Image pull secrets |
StorageSpec

| Field | Type | Default | Description |
|---|---|---|---|
| size | string | 1Gi | Requested storage size |
| storageClass | string | - | Storage class name (empty = default) |
CodeSpec
Used by Config and Server to define the Puppet code source. Either claimName or image may be set, not both.
| Field | Type | Default | Description |
|---|---|---|---|
| claimName | string | - | Name of an existing PVC containing Puppet code |
| image | string | - | OCI image reference containing Puppet code (Kubernetes 1.35+, or 1.31+ with feature gate) |
| imagePullPolicy | string | IfNotPresent | When to pull the code image |
| imagePullSecret | string | - | Secret name for pulling from private registries |
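
A pre-apply check for ImageSpec and CodeSpec, as an added example that is not part of the operator or its documentation: it flags a CodeSpec with both claimName and image set, and image references that are not pinned by digest, including the documented default of tag latest with IfNotPresent. The function names, finding labels and sample values are assumptions; the functions take the ImageSpec or CodeSpec mapping directly because the enclosing manifest fields are not shown on this page.

```python
import re

# Defaults copied from the ImageSpec table on this page.
IMAGE_DEFAULTS = {"repository": "ghcr.io/slauger/openvox-server",
                  "tag": "latest", "pullPolicy": "IfNotPresent"}
DIGEST = re.compile(r"sha256:[0-9a-f]{64}")


def split_ref(ref):
    """Split an OCI reference into (name, tag, digest); tag and digest may be None."""
    name, _, digest = ref.partition("@")
    # Only a ':' after the last '/' starts a tag; an earlier one is a registry port.
    tag = name.rsplit("/", 1)[-1].partition(":")[2] or None
    if tag:
        name = name[: -len(tag) - 1]
    return name, tag, digest or None


def check_ref(ref, policy):
    """Findings for one image reference under the given pull policy."""
    _, tag, digest = split_ref(ref)
    if digest:
        return [] if DIGEST.fullmatch(digest) else ["malformed-digest"]
    findings = ["unpinned"]  # a tag can be re-pointed at different content
    if (tag or "latest") == "latest" and policy == "IfNotPresent":
        findings.append("stale-latest")  # nodes with a cached copy do not re-pull
    return findings


def lint_image(spec):
    """ImageSpec mapping; absent fields take the documented defaults."""
    s = {**IMAGE_DEFAULTS, **spec}
    return check_ref(f"{s['repository']}:{s['tag']}", s["pullPolicy"])


def lint_code(spec):
    """CodeSpec mapping: claimName and image are mutually exclusive."""
    if spec.get("claimName") and spec.get("image"):
        return ["claimName-and-image-both-set"]
    if not spec.get("image"):
        return []
    return check_ref(spec["image"], spec.get("imagePullPolicy", "IfNotPresent"))


if __name__ == "__main__":
    # Constructed sample values, not taken from the project.
    print(lint_image({}))
    print(lint_code({"claimName": "code-pvc", "image": "registry.example/code:v1"}))
    print(lint_code({"image": "registry.example:5000/puppet/code"}))
```

An empty ImageSpec reports both findings because the documented defaults combine a floating tag with a pull policy that reuses whatever copy a node already holds.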