CRD Scope

Overview

This page details the various methods to control the scope of a CRD. See the operator scope doc for information on configuring operator scope, such as which namespaces to watch.

Custom Resource Definitions (CRDs) contain a scope field that determines whether the resulting Custom Resource (CR) is cluster or namespace scoped. An operator author might use a namespaced-scoped CRD to restrict access to a CR to certain namespaces, or to have different versions of CRs accessible in different namespaces. Alternatively, an operator author might want a cluster-scoped CRD so all namespaces have visibility and access to CRs.

The CRD manifests are generated by the operator-sdk create api command in config/crd/bases. A CRD’s spec.scope field controls API scope; valid values are Cluster and Namespaced. For an Operator-sdk Go project, this value is determined by the operator-sdk create api --namespaced boolean flag, which edits the types.go file for the resource. For other operator types, the command edits spec.scope in the CRD’s YAML manifest directly.

Set create api –namespaced flag

When creating a new API, the --namespaced flag controls whether the resulting CRD will be cluster or namespace scoped. By default, --namespaced is set to true which sets the scope to Namespaced. An example command to create a cluster-scoped API would be:

  1. $ operator-sdk create api --group cache --version v1alpha1 --kind Memcached --resource=true --controller=true --namespaced=false

Set Scope Marker in types.go

You can also manually set the scope in the Go types.go file by adding or changing the kubebuilder scope marker to your resource. This file is usually located in api/<version>/<kind>_types.go or apis/<group>/<version>/<kind>_types.go if you are using the [multigroup][multigroup-kubebuilder-doc] layout. Once this marker is set, the CRD files will be generated with the approriate scope. Here is an example API type with the marker set to cluster scope:

  1. //+kubebuilder:object:root=true
  2. //+kubebuilder:subresource:status
  3. //+kubebuilder:resource:scope=Cluster
  5. // Memcached is the Schema for the memcacheds API
  6. type Memcached struct {
  7.     metav1.TypeMeta   `json:",inline"`
  8.     metav1.ObjectMeta `json:"metadata,omitempty"`
  10.     Spec   MemcachedSpec   `json:"spec,omitempty"`
  11.     Status MemcachedStatus `json:"status,omitempty"`
  12. }

To set the scope to namespaced, the marker would be set to //+kubebuilder:resource:scope=Namespace instead.

Set scope in CRD YAML file

The scope can be manually set directly in the CRD’s Kind YAML file, normally located in config/crd/bases/<group>.<domain>_<kind>.yaml. An example YAML file for a namespace-scoped CRD is shown below:

  1. apiVersion: apiextensions.k8s.io/v1beta1
  2. kind: CustomResourceDefinition
  3. metadata:
  4.   annotations:
  5.     controller-gen.kubebuilder.io/version: v0.2.5
  6.   creationTimestamp: null
  7.   name: memcacheds.cache.example.com
  8. spec:
  9.   group: cache.example.com
  10.   names:
  11.     kind: Memcached
  12.     listKind: MemcachedList
  13.     plural: memcacheds
  14.     singular: memcached
  15.   scope: Namespaced
  16.   subresources:
  17.     status: {}
  18. ...

Last modified May 13, 2021: docs: s/godoc.org/pkg.go.dev/g (#4916) (983bfd12)