openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-07 00:48:01 +01:00
Code Issues Releases Activity
Files
f7a24b39697c7cf161db94de606a27e5bec2b43e
openshift-docs/modules/crd-custom-resource-definitions.adoc
Alex Dellapenta 170dbb6e92 Split Operators guide into user/admin tasks
2020-09-28 13:16:44 -06:00

49 lines
2.2 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
//
// * operators/understanding/crds/crd-managing-resources-from-crds.adoc
// * operators/understanding/crds/extending-api-with-crds.adoc
[id="crd-custom-resource-definitions_{context}"]
= Custom Resource Definitions
In the Kubernetes API, a resource is an endpoint that stores a collection of API
objects of a certain kind. For example, the built-in Pods resource contains a
collection of Pod objects.
A _Custom Resource Definition_ (CRD) object defines a new, unique object `Kind`
in the cluster and lets the Kubernetes API server handle its entire lifecycle.
_Custom Resource_ (CR) objects are created from CRDs that have been added to
the cluster by a cluster administrator, allowing all cluster users to add the
new resource type into projects.
ifeval::["{context}" == "crd-extending-api-with-crds"]
When a cluster administrator adds a new CRD to the cluster, the Kubernetes API
server reacts by creating a new RESTful resource path that can be accessed by
the entire cluster or a single project (namespace) and begins serving the
specified CR.
Cluster administrators that want to grant access to the CRD to other users can
use cluster role aggregation to grant access to users with the `admin`, `edit`,
or `view` default cluster roles. Cluster role aggregation allows the insertion
of custom policy rules into these cluster roles. This behavior integrates the
new resource into the cluster's RBAC policy as if it was a built-in resource.
endif::[]
Operators in particular make use of CRDs by packaging them with any required
RBAC policy and other software-specific logic.
ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
Cluster administrators can also add CRDs manually to the cluster outside of an
Operator's lifecycle, making them available to all users.
[NOTE]
====
While only cluster administrators can create CRDs, developers can create the CR
from an existing CRD if they have read and write permission to it.
====
endif::[]
ifdef::openshift-dedicated[]
{product-title} cluster administrators can manage RBAC to CRDs that have been
added to customer project namespaces, making them available to authorized users.
endif::[]
View Git Blame Copy Permalink