73 lines
2.7 KiB
Text
73 lines
2.7 KiB
Text
# schemas/lib/capabilities.ncl — InfraCapabilities contract
|
|
#
|
|
# Declares what the infrastructure provides: cluster runtime, storage classes,
|
|
# ingress, TLS, volumes, networking, and registry topology.
|
|
# Source of truth for cross-validation against component requires.* fields
|
|
# and for registry resolution by integration tooling (prvng i).
|
|
#
|
|
# Usage:
|
|
# let cap = import "schemas/lib/capabilities.ncl" in
|
|
# { provides | cap.InfraCapabilities = { ... } }
|
|
|
|
{
|
|
# Registry roles — determines namespace ownership and sync direction.
|
|
# 'primary canonical store; other registries replicate FROM it
|
|
# 'build builder-local store; owns ephemeral cache namespaces
|
|
# 'dev developer workstation; on-demand mirror of primary
|
|
# 'mirror read-only replica with no own namespaces
|
|
RegistryRole = [| 'primary, 'build, 'dev, 'mirror |],
|
|
|
|
# Per-registry namespace policy.
|
|
# own — namespaces this registry is authoritative for
|
|
# replicate_to — ids of other registries that should receive sync of `prefixes`
|
|
# mirror_from — id of upstream registry to mirror `prefixes` from (on-demand)
|
|
# prefixes — which namespace prefixes are synced (cross-registry contracts)
|
|
RegistryNamespaces = {
|
|
own | Array String | default = [],
|
|
replicate_to | Array String | default = [],
|
|
mirror_from | String | optional,
|
|
prefixes | Array String | default = [],
|
|
},
|
|
|
|
RegistryEntry = {
|
|
id | String,
|
|
endpoint | String,
|
|
role | RegistryRole,
|
|
tls | Bool | default = true,
|
|
namespaces | RegistryNamespaces | default = {},
|
|
},
|
|
|
|
# Multi-registry topology for a workspace.
|
|
# registries — ordered list; first 'primary entry is the canonical store
|
|
# default — id of the registry used by integration tooling when no
|
|
# --registry flag or PROVISIONING_REGISTRY env is set
|
|
RegistriesConfig = {
|
|
registries | Array RegistryEntry | default = [],
|
|
default | String | optional,
|
|
},
|
|
|
|
InfraCapabilities = {
|
|
cluster | {
|
|
name | String,
|
|
runtime | String,
|
|
..
|
|
} | optional,
|
|
storage_classes | Array String | default = [],
|
|
ingress_class | String | optional,
|
|
container_runtime | String | optional,
|
|
volumes | { _ | { mount | String, size_gb | Number } } | default = {},
|
|
networking | {
|
|
private_network | String | optional,
|
|
subnet | String | optional,
|
|
floating_ip | String | optional,
|
|
..
|
|
} | default = {},
|
|
tls | {
|
|
cluster_issuer | String | optional,
|
|
available | Bool | default = false,
|
|
..
|
|
} | default = {},
|
|
registries | RegistriesConfig | default = {},
|
|
..
|
|
},
|
|
}
|