Alibaba Cloud Provider: introducing imageregistry types

imageregistry/v1/00_imageregistry.crd.yaml-patch

@@ -0,0 +1,13 @@
+- op: add
+  path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/storage/properties/oss/properties/encryption/anyOf
+  value:
+  - properties:
+      type:
+        not:
+          enum: ["KMS"]
+    not:
+      required: ["kms"]
+  - properties:
+      type:
+        enum: ["KMS"]
+    required: ["kms"]

imageregistry/v1/types.go

@@ -306,6 +306,81 @@ type ImageRegistryConfigStorageIBMCOS struct {
 	ServiceInstanceCRN string `json:"serviceInstanceCRN,omitempty"`
 }
 
+// EndpointAccessibility defines the Alibaba VPC endpoint for storage
+type EndpointAccessibility string
+
+// AlibabaEncryptionMethod defines an enumerable type for the encryption mode
+type AlibabaEncryptionMethod string
+
+const (
+	// InternalEndpoint sets the VPC endpoint to internal
+	InternalEndpoint EndpointAccessibility = "Internal"
+	// PublicEndpoint sets the VPC endpoint to public
+	PublicEndpoint EndpointAccessibility = "Public"
+
+	// PlainText is an AlibabaEncryptionMethod. This is the default. This means no encryption
+	PlainText AlibabaEncryptionMethod = "PlainText"
+	// AES256 is an AlibabaEncryptionMethod. This means AES256 encryption
+	AES256 AlibabaEncryptionMethod = "AES256"
+	// KMS is an AlibabaEncryptionMethod. This means KMS encryption
+	KMS AlibabaEncryptionMethod = "KMS"
+)
+
+// EncryptionAlibaba this a union type in kube parlance.  Depending on the value for the AlibabaEncryptionMethod,
+// different pointers may be used
+type EncryptionAlibaba struct {
+	// Method defines the different encrytion modes available
+	// Empty value means no opinion and the platform chooses the a default, which is subject to change over time.
+	// Currently the default is `AES256`.
+	// +kubebuilder:validation:Enum="PlainText";"KMS";"AES256"
+	// +kubebuilder:default="AES256"
+	// +optional
+	Method AlibabaEncryptionMethod `json:"method"`
+
+	// KMS (key management service) is an encryption type that holds the struct for KMS KeyID
+	// +optional
+	KMS *KMSEncryptionAlibaba `json:"kms,omitempty"`
+}
+
+type KMSEncryptionAlibaba struct {
+	// KeyID holds the KMS encryption key ID
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MinLength=1
+	KeyID string `json:"keyID"`
+}
+
+// ImageRegistryConfigStorageAlibabaOSS holds Alibaba Cloud OSS configuration.
+// Configures the registry to use Alibaba Cloud Object Storage Service for backend storage.
+// More about oss, you can look at the [official documentation](https://www.alibabacloud.com/help/product/31815.htm)
+type ImageRegistryConfigStorageAlibabaOSS struct {
+	// Bucket is the bucket name in which you want to store the registry's data.
+	// About Bucket naming, more details you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/257087.htm)
+	// Empty value means no opinion and the platform chooses the a default, which is subject to change over time.
+	// Currently the default will be autogenerated in the form of <clusterid>-image-registry-<region>-<random string 27 chars>
+	// +kubebuilder:validation:MaxLength=63
+	// +kubebuilder:validation:MinLength=3
+	// +kubebuilder:validation:Pattern=`^[0-9a-z]+(-[0-9a-z]+)*$`
+	// +optional
+	Bucket string `json:"bucket,omitempty"`
+	// Region is the Alibaba Cloud Region in which your bucket exists.
+	// For a list of regions, you can look at the [official documentation](https://www.alibabacloud.com/help/doc-detail/31837.html).
+	// Empty value means no opinion and the platform chooses the a default, which is subject to change over time.
+	// Currently the default will be based on the installed Alibaba Cloud Region.
+	// +optional
+	Region string `json:"region,omitempty"`
+	// EndpointAccessibility specifies whether the registry use the OSS VPC internal endpoint
+	// Empty value means no opinion and the platform chooses the a default, which is subject to change over time.
+	// Currently the default is `Internal`.
+	// +kubebuilder:validation:Enum="Internal";"Public";""
+	// +kubebuilder:default="Internal"
+	// +optional
+	EndpointAccessibility EndpointAccessibility `json:"endpointAccessibility,omitempty"`
+	// Encryption specifies whether you would like your data encrypted on the server side.
+	// More details, you can look cat the [official documentation](https://www.alibabacloud.com/help/doc-detail/117914.htm)
+	// +optional
+	Encryption *EncryptionAlibaba `json:"encryption,omitempty"`
+}
+
 // ImageRegistryConfigStorage describes how the storage should be configured
 // for the image registry.
 type ImageRegistryConfigStorage struct {
@@ -333,6 +408,9 @@ type ImageRegistryConfigStorage struct {
 	// ibmcos represents configuration that uses IBM Cloud Object Storage.
 	// +optional
 	IBMCOS *ImageRegistryConfigStorageIBMCOS `json:"ibmcos,omitempty"`
+	// Oss represents configuration that uses Alibaba Cloud Object Storage Service.
+	// +optional
+	OSS *ImageRegistryConfigStorageAlibabaOSS `json:"oss,omitempty"`
 	// managementState indicates if the operator manages the underlying
 	// storage unit. If Managed the operator will remove the storage when
 	// this operator gets Removed.