diff --git a/README.md b/README.md index d7d233f9..dda164d2 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,10 @@ Kubernetes Github project. The ACK service controller for Amazon ElastiCache supports the following Amazon ElastiCache API resources in `DEVELOPER PREVIEW`: - [x] Replication Group - [x] Cache Subnet Group +- [x] User Group +- [x] User +- [x] Snapshot Group +- [x] Cache Parameter Group ## Contributing diff --git a/helm/Chart.yaml b/helm/Chart.yaml index d328c603..9fcb2760 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,15 +1,17 @@ apiVersion: v1 name: ack-elasticache-controller description: A Helm chart for the ACK service controller for elasticache -version: v0.0.3 -appVersion: v0.0.3 -home: https://github.com/aws/aws-controllers-k8s +version: v0.0.4 +appVersion: v0.0.4 +home: https://github.com/aws-controllers-k8s/elasticache-controller icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png sources: - - https://github.com/aws/aws-controllers-k8s + - https://github.com/aws-controllers-k8s/elasticache-controller maintainers: - name: ACK Admins - url: https://github.com/orgs/aws/teams/aws-controllers-for-kubernetes-ack-admins + url: https://github.com/orgs/aws-controllers-k8s/teams/ack-admin + - name: elasticache Admins + url: https://github.com/orgs/aws-controllers-k8s/teams/elasticache-maintainer keywords: - aws - kubernetes diff --git a/helm/crds/elasticache.services.k8s.aws_cacheparametergroups.yaml b/helm/crds/elasticache.services.k8s.aws_cacheparametergroups.yaml index d5b6d6ca..6849215e 100644 --- a/helm/crds/elasticache.services.k8s.aws_cacheparametergroups.yaml +++ b/helm/crds/elasticache.services.k8s.aws_cacheparametergroups.yaml 
@@ -35,16 +35,30 @@ spec: metadata: type: object spec: - description: CacheParameterGroupSpec defines the desired state of CacheParameterGroup + description: "CacheParameterGroupSpec defines the desired state of CacheParameterGroup. + \n Represents the output of a CreateCacheParameterGroup operation." properties: cacheParameterGroupFamily: + description: "The name of the cache parameter group family that the + cache parameter group can be used with. \n Valid values are: memcached1.4 + | memcached1.5 | memcached1.6 | redis2.6 | redis2.8 | redis3.2 | + redis4.0 | redis5.0 | redis6.x |" type: string cacheParameterGroupName: + description: A user-specified name for the cache parameter group. type: string description: + description: A user-specified description for the cache parameter + group. type: string parameterNameValues: + description: An array of parameter names and values for the parameter + update. You must supply at least one parameter name and value; subsequent + arguments are optional. A maximum of 20 parameters may be modified + per request. items: + description: Describes a name-value pair that is used to update + the value of a parameter. properties: parameterName: type: string @@ -117,7 +131,12 @@ spec: type: object type: array events: + description: A list of events. Each element in the list contains detailed + information about one event. items: + description: Represents a single occurrence of something interesting + within the system. Some examples of events are creating a cluster, + adding or removing a cache node, or rebooting a node. properties: date: format: date-time @@ -129,9 +148,14 @@ spec: type: object type: array isGlobal: + description: Indicates whether the parameter group is associated with + a Global datastore type: boolean parameters: + description: A list of Parameter instances. items: + description: Describes an individual setting that controls some + aspect of ElastiCache behavior. properties: allowedValues: type: string 
@@ -151,9 +175,6 @@ spec: type: string type: object type: array - required: - - ackResourceMetadata - - conditions type: object type: object served: true diff --git a/helm/crds/elasticache.services.k8s.aws_cachesubnetgroups.yaml b/helm/crds/elasticache.services.k8s.aws_cachesubnetgroups.yaml index dfc1026d..5e27c8d0 100644 --- a/helm/crds/elasticache.services.k8s.aws_cachesubnetgroups.yaml +++ b/helm/crds/elasticache.services.k8s.aws_cachesubnetgroups.yaml @@ -34,13 +34,20 @@ spec: metadata: type: object spec: - description: CacheSubnetGroupSpec defines the desired state of CacheSubnetGroup + description: "CacheSubnetGroupSpec defines the desired state of CacheSubnetGroup. + \n Represents the output of one of the following operations: \n * + CreateCacheSubnetGroup \n * ModifyCacheSubnetGroup" properties: cacheSubnetGroupDescription: + description: A description for the cache subnet group. type: string cacheSubnetGroupName: + description: "A name for the cache subnet group. This value is stored + as a lowercase string. \n Constraints: Must contain no more than + 255 alphanumeric characters or hyphens. \n Example: mysubnetgroup" type: string subnetIDs: + description: A list of VPC subnet IDs for the cache subnet group. items: type: string type: array @@ -109,7 +116,12 @@ spec: type: object type: array events: + description: A list of events. Each element in the list contains detailed + information about one event. items: + description: Represents a single occurrence of something interesting + within the system. Some examples of events are creating a cluster, + adding or removing a cache node, or rebooting a node. properties: date: format: date-time 
@@ -121,9 +133,15 @@ spec: type: object type: array subnets: + description: A list of subnets associated with the cache subnet group. items: + description: Represents the subnet associated with a cluster. This + parameter refers to subnets defined in Amazon Virtual Private + Cloud (Amazon VPC) and used with ElastiCache. properties: subnetAvailabilityZone: + description: Describes an Availability Zone in which the cluster + is launched. properties: name: type: string @@ -131,6 +149,7 @@ spec: subnetIdentifier: type: string subnetOutpost: + description: The ID of the outpost subnet. properties: subnetOutpostARN: type: string @@ -138,10 +157,9 @@ spec: type: object type: array vpcID: + description: The Amazon Virtual Private Cloud identifier (VPC ID) + of the cache subnet group. type: string - required: - - ackResourceMetadata - - conditions type: object type: object served: true diff --git a/helm/crds/elasticache.services.k8s.aws_replicationgroups.yaml b/helm/crds/elasticache.services.k8s.aws_replicationgroups.yaml index 6199b9b4..8d95c42e 100644 --- a/helm/crds/elasticache.services.k8s.aws_replicationgroups.yaml +++ b/helm/crds/elasticache.services.k8s.aws_replicationgroups.yaml 
@@ -34,38 +34,189 @@ spec: metadata: type: object spec: - description: ReplicationGroupSpec defines the desired state of ReplicationGroup + description: "ReplicationGroupSpec defines the desired state of ReplicationGroup. + \n Contains all of the attributes of a specific Redis replication group." properties: atRestEncryptionEnabled: + description: "A flag that enables encryption at rest when set to true. + \n You cannot modify the value of AtRestEncryptionEnabled after + the replication group is created. To enable encryption at rest on + a replication group you must set AtRestEncryptionEnabled to true + when you create the replication group. \n Required: Only available + when creating a replication group in an Amazon VPC using redis version + 3.2.6, 4.x or later. \n Default: false" type: boolean authToken: - type: string - autoMinorVersionUpgrade: - type: boolean + description: "Reserved parameter. The password used to access a password + protected server. \n AuthToken can be specified only on replication + groups where TransitEncryptionEnabled is true. \n For HIPAA compliance, + you must specify TransitEncryptionEnabled as true, an AuthToken, + and a CacheSubnetGroup. \n Password constraints: \n * Must be + only printable ASCII characters. \n * Must be at least 16 characters + and no more than 128 characters in length. \n * The only permitted + printable special characters are !, &, #, $, ^, <, >, and -. + Other printable special characters cannot be used in the AUTH token. + \n For more information, see AUTH password (http://redis.io/commands/AUTH) + at http://redis.io/commands/AUTH." + properties: + key: + description: Key is the key within the secret + type: string + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. 
+ type: string + required: + - key + type: object automaticFailoverEnabled: + description: "Specifies whether a read-only replica is automatically + promoted to read/write primary if the existing primary fails. \n + AutomaticFailoverEnabled must be enabled for Redis (cluster mode + enabled) replication groups. \n Default: false" type: boolean cacheNodeType: + description: "The compute and memory capacity of the nodes in the + node group (shard). \n The following node types are supported by + ElastiCache. Generally speaking, the current generation types provide + more memory and computational power at lower cost when compared + to their equivalent previous generation counterparts. \n * General + purpose: Current generation: M6g node types (available only for + Redis engine version 5.0.6 onward and for Memcached engine version + \ 1.5.16 onward). cache.m6g.large, cache.m6g.xlarge, cache.m6g.2xlarge, + \ cache.m6g.4xlarge, cache.m6g.8xlarge, cache.m6g.12xlarge, cache.m6g.16xlarge + \ For region availability, see Supported Node Types (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion) + \ M5 node types: cache.m5.large, cache.m5.xlarge, cache.m5.2xlarge, + cache.m5.4xlarge, cache.m5.12xlarge, cache.m5.24xlarge M4 node + types: cache.m4.large, cache.m4.xlarge, cache.m4.2xlarge, cache.m4.4xlarge, + cache.m4.10xlarge T3 node types: cache.t3.micro, cache.t3.small, + cache.t3.medium T2 node types: cache.t2.micro, cache.t2.small, cache.t2.medium + Previous generation: (not recommended) T1 node types: cache.t1.micro + M1 node types: cache.m1.small, cache.m1.medium, cache.m1.large, + \ cache.m1.xlarge M3 node types: cache.m3.medium, cache.m3.large, + cache.m3.xlarge, cache.m3.2xlarge \n * Compute optimized: + Previous generation: (not recommended) C1 node types: cache.c1.xlarge + \n * Memory optimized: Current generation: R6g node types (available + only for Redis engine version 5.0.6 onward and for 
Memcached + engine version 1.5.16 onward). cache.r6g.large, cache.r6g.xlarge, + cache.r6g.2xlarge, cache.r6g.4xlarge, cache.r6g.8xlarge, cache.r6g.12xlarge, + cache.r6g.16xlarge For region availability, see Supported Node + Types (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion) + \ R5 node types: cache.r5.large, cache.r5.xlarge, cache.r5.2xlarge, + cache.r5.4xlarge, cache.r5.12xlarge, cache.r5.24xlarge R4 node + types: cache.r4.large, cache.r4.xlarge, cache.r4.2xlarge, cache.r4.4xlarge, + cache.r4.8xlarge, cache.r4.16xlarge Previous generation: (not + recommended) M2 node types: cache.m2.xlarge, cache.m2.2xlarge, + cache.m2.4xlarge R3 node types: cache.r3.large, cache.r3.xlarge, + \ cache.r3.2xlarge, cache.r3.4xlarge, cache.r3.8xlarge \n Additional + node type info \n * All current generation instance types are + created in Amazon VPC by default. \n * Redis append-only files + (AOF) are not supported for T1 or T2 instances. \n * Redis Multi-AZ + with automatic failover is not supported on T1 instances. \n * + Redis configuration variables appendonly and appendfsync are not + supported on Redis version 2.8.22 and later." type: string cacheParameterGroupName: + description: "The name of the parameter group to associate with this + replication group. If this argument is omitted, the default cache + parameter group for the specified engine is used. \n If you are + running Redis version 3.2.4 or later, only one node group (shard), + and want to use a default parameter group, we recommend that you + specify the parameter group by name. \n * To create a Redis (cluster + mode disabled) replication group, use CacheParameterGroupName=default.redis3.2. + \n * To create a Redis (cluster mode enabled) replication group, + use CacheParameterGroupName=default.redis3.2.cluster.on." 
type: string cacheSecurityGroupNames: + description: A list of cache security group names to associate with + this replication group. items: type: string type: array cacheSubnetGroupName: + description: "The name of the cache subnet group to be used for the + replication group. \n If you're going to launch your cluster in + an Amazon VPC, you need to create a subnet group before you start + creating a cluster. For more information, see Subnets and Subnet + Groups (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/SubnetGroups.html)." type: string engine: + description: The name of the cache engine to be used for the clusters + in this replication group. Must be Redis. type: string engineVersion: - type: string - globalReplicationGroupID: + description: "The version number of the cache engine to be used for + the clusters in this replication group. To view the supported cache + engine versions, use the DescribeCacheEngineVersions operation. + \n Important: You can upgrade to a newer engine version (see Selecting + a Cache Engine and Version (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/SelectEngine.html#VersionManagement)) + in the ElastiCache User Guide, but you cannot downgrade to an earlier + engine version. If you want to use an earlier engine version, you + must delete the existing cluster or replication group and create + it anew with the earlier engine version." type: string kmsKeyID: + description: The ID of the KMS key used to encrypt the disk in the + cluster. type: string + logDeliveryConfigurations: + description: Specifies the destination, format and type of the logs. + items: + description: Specifies the destination, format and type of the logs. + properties: + destinationDetails: + description: Configuration details of either a CloudWatch Logs + destination or Kinesis Data Firehose destination. + properties: + cloudWatchLogsDetails: + description: The configuration details of the CloudWatch + Logs destination. 
+ properties: + logGroup: + type: string + type: object + kinesisFirehoseDetails: + description: The configuration details of the Kinesis Data + Firehose destination. + properties: + deliveryStream: + type: string + type: object + type: object + destinationType: + type: string + enabled: + type: boolean + logFormat: + type: string + logType: + type: string + type: object + type: array multiAZEnabled: + description: 'A flag indicating if you have Multi-AZ enabled to enhance + fault tolerance. For more information, see Minimizing Downtime: + Multi-AZ (http://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/AutoFailover.html).' type: boolean nodeGroupConfiguration: + description: "A list of node group (shard) configuration options. + Each node group (shard) configuration has the following members: + PrimaryAvailabilityZone, ReplicaAvailabilityZones, ReplicaCount, + and Slots. \n If you're creating a Redis (cluster mode disabled) + or a Redis (cluster mode enabled) replication group, you can use + this parameter to individually configure each node group (shard), + or you can omit this parameter. However, it is required when seeding + a Redis (cluster mode enabled) cluster from a S3 rdb file. You must + configure each node group (shard) using this parameter because you + must specify the slots for each node group." items: + description: 'Node group (shard) configuration options. Each node + group (shard) configuration has the following: Slots, PrimaryAvailabilityZone, + ReplicaAvailabilityZones, ReplicaCount.' properties: nodeGroupID: type: string 
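Review bot: The new `authToken` schema admits a Secret reference that names no Secret: its `required` list holds only `key`, so an object with `key` set and `name` omitted passes validation, and `name` should be required too (`required:` with `- key` and `- name`). The field description still opens with "The password used to access a password protected server" and lists password constraints, which reads as if the token itself belongs in this field; it should lead with something like `Reference to the Secret key that holds the AUTH token; the token itself is never written into this resource.` The optional `namespace` property also lets a ReplicationGroup point at a Secret outside its own namespace, and whether the controller restricts that is not visible in this diff, so the allowed scope should be stated in the description or enforced by the controller. If this CRD is generated from type definitions, the changes belong in that source rather than in the YAML; the enclosing `spec` mapping starts and ends outside the hunk.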
@@ -89,58 +240,124 @@ spec: type: object type: array notificationTopicARN: + description: "The Amazon Resource Name (ARN) of the Amazon Simple + Notification Service (SNS) topic to which notifications are sent. + \n The Amazon SNS topic owner must be the same as the cluster owner." type: string - numCacheClusters: - format: int64 - type: integer numNodeGroups: + description: "An optional parameter that specifies the number of node + groups (shards) for this Redis (cluster mode enabled) replication + group. For Redis (cluster mode disabled) either omit this parameter + or set it to 1. \n Default: 1" format: int64 type: integer port: + description: The port number on which each member of the replication + group accepts connections. format: int64 type: integer preferredCacheClusterAZs: + description: "A list of EC2 Availability Zones in which the replication + group's clusters are created. The order of the Availability Zones + in the list is the order in which clusters are allocated. The primary + cluster is created in the first AZ in the list. \n This parameter + is not used if there is more than one node group (shard). You should + use NodeGroupConfiguration instead. \n If you are creating your + replication group in an Amazon VPC (recommended), you can only locate + clusters in Availability Zones associated with the subnets in the + selected subnet group. \n The number of Availability Zones listed + must equal the value of NumCacheClusters. \n Default: system chosen + Availability Zones." items: type: string type: array preferredMaintenanceWindow: + description: "Specifies the weekly time range during which maintenance + on the cluster is performed. It is specified as a range in the format + ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance + window is a 60 minute period. Valid values for ddd are: \n Specifies + the weekly time range during which maintenance on the cluster is + performed. 
It is specified as a range in the format ddd:hh24:mi-ddd:hh24:mi + (24H Clock UTC). The minimum maintenance window is a 60 minute period. + \n Valid values for ddd are: \n * sun \n * mon \n * tue + \n * wed \n * thu \n * fri \n * sat \n Example: sun:23:00-mon:01:30" type: string primaryClusterID: + description: "The identifier of the cluster that serves as the primary + for this replication group. This cluster must already exist and + have a status of available. \n This parameter is not required if + NumCacheClusters, NumNodeGroups, or ReplicasPerNodeGroup is specified." type: string replicasPerNodeGroup: + description: An optional parameter that specifies the number of replica + nodes in each node group (shard). Valid values are 0 to 5. format: int64 type: integer replicationGroupDescription: + description: A user-created description for the replication group. type: string replicationGroupID: + description: "The replication group identifier. This parameter is + stored as a lowercase string. \n Constraints: \n * A name must + contain from 1 to 40 alphanumeric characters or hyphens. \n * + The first character must be a letter. \n * A name cannot end + with a hyphen or contain two consecutive hyphens." type: string securityGroupIDs: + description: "One or more Amazon VPC security groups associated with + this replication group. \n Use this parameter only when you are + creating a replication group in an Amazon Virtual Private Cloud + (Amazon VPC)." items: type: string type: array snapshotARNs: + description: "A list of Amazon Resource Names (ARN) that uniquely + identify the Redis RDB snapshot files stored in Amazon S3. The snapshot + files are used to populate the new replication group. The Amazon + S3 object name in the ARN cannot contain any commas. 
The new replication + group will have the number of node groups (console: shards) specified + by the parameter NumNodeGroups or the number of node groups configured + by NodeGroupConfiguration regardless of the number of ARNs specified + here. \n Example of an Amazon S3 ARN: arn:aws:s3:::my_bucket/snapshot1.rdb" items: type: string type: array snapshotName: + description: The name of a snapshot from which to restore data into + the new replication group. The snapshot status changes to restoring + while the new replication group is being created. type: string snapshotRetentionLimit: + description: "The number of days for which ElastiCache retains automatic + snapshots before deleting them. For example, if you set SnapshotRetentionLimit + to 5, a snapshot that was taken today is retained for 5 days before + being deleted. \n Default: 0 (i.e., automatic backups are disabled + for this cluster)." format: int64 type: integer snapshotWindow: + description: "The daily time range (in UTC) during which ElastiCache + begins taking a daily snapshot of your node group (shard). \n Example: + 05:00-09:00 \n If you do not specify this parameter, ElastiCache + automatically chooses an appropriate time range." type: string - tags: - items: - properties: - key: - type: string - value: - type: string - type: object - type: array transitEncryptionEnabled: + description: "A flag that enables in-transit encryption when set to + true. \n You cannot modify the value of TransitEncryptionEnabled + after the cluster is created. To enable in-transit encryption on + a cluster you must set TransitEncryptionEnabled to true when you + create a cluster. \n This parameter is valid only if the Engine + parameter is redis, the EngineVersion parameter is 3.2.6, 4.x or + later, and the cluster is being created in an Amazon VPC. \n If + you enable in-transit encryption, you must also specify a value + for CacheSubnetGroup. 
\n Required: Only available when creating + a replication group in an Amazon VPC using redis version 3.2.6, + 4.x or later. \n Default: false \n For HIPAA compliance, you must + specify TransitEncryptionEnabled as true, an AuthToken, and a CacheSubnetGroup." type: boolean userGroupIDs: + description: The user group to associate with the replication group. items: type: string type: array @@ -175,21 +392,40 @@ spec: - ownerAccountID type: object allowedScaleDownModifications: + description: A string list, each element of which specifies a cache + node type which you can use to scale your cluster or replication + group. When scaling down a Redis cluster or replication group using + ModifyCacheCluster or ModifyReplicationGroup, use a value from this + list for the CacheNodeType parameter. items: type: string type: array allowedScaleUpModifications: + description: "A string list, each element of which specifies a cache + node type which you can use to scale your cluster or replication + group. \n When scaling up a Redis cluster or replication group using + ModifyCacheCluster or ModifyReplicationGroup, use a value from this + list for the CacheNodeType parameter." items: type: string type: array authTokenEnabled: + description: "A flag that enables using an AuthToken (password) when + issuing Redis commands. \n Default: false" type: boolean authTokenLastModifiedDate: + description: The date the auth token was last modified format: date-time type: string automaticFailover: + description: Indicates the status of automatic failover for this Redis + replication group. type: string clusterEnabled: + description: "A flag indicating whether or not this replication group + is cluster enabled; i.e., whether its data can be partitioned across + multiple shards (API/CLI: node groups). \n Valid values: true | + false" type: boolean conditions: description: All CRS managed by ACK have a common `Status.Conditions` 
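Review bot: In the `@@ -89,58 +240,124 @@` hunk the descriptions added for `preferredCacheClusterAZs` ("must equal the value of NumCacheClusters") and `primaryClusterID` ("not required if NumCacheClusters, NumNodeGroups, or ReplicasPerNodeGroup is specified") refer to a field the same hunk removes from the spec schema (`numCacheClusters`), so the text directs users to a setting they can no longer supply. Either keep `numCacheClusters` in the schema or drop those references from the two descriptions. The `preferredMaintenanceWindow` description also repeats its opening paragraph before the list of valid `ddd` values, and one copy should go. The hunk removes `tags` from the spec as well; if tags feed access-control or ownership policies on the AWS side, that removal deserves a line in the commit description. The enclosing `spec` mapping starts outside the hunk.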
@@ -225,6 +461,8 @@ spec: type: object type: array configurationEndpoint: + description: The configuration endpoint for this replication group. + Use the configuration endpoint to connect to this replication group. properties: address: type: string @@ -233,9 +471,15 @@ spec: type: integer type: object description: + description: The user supplied description of the replication group. type: string events: + description: A list of events. Each element in the list contains detailed + information about one event. items: + description: Represents a single occurrence of something interesting + within the system. Some examples of events are creating a cluster, + adding or removing a cache node, or rebooting a node. properties: date: format: date-time 
@@ -247,29 +491,82 @@ spec: type: object type: array globalReplicationGroupInfo: + description: The name of the Global datastore and role of this replication + group in the Global datastore. properties: globalReplicationGroupID: type: string globalReplicationGroupMemberRole: type: string type: object + logDeliveryConfigurations: + description: Returns the destination, format and type of the logs. + items: + description: Returns the destination, format and type of the logs. + properties: + destinationDetails: + description: Configuration details of either a CloudWatch Logs + destination or Kinesis Data Firehose destination. + properties: + cloudWatchLogsDetails: + description: The configuration details of the CloudWatch + Logs destination. + properties: + logGroup: + type: string + type: object + kinesisFirehoseDetails: + description: The configuration details of the Kinesis Data + Firehose destination. + properties: + deliveryStream: + type: string + type: object + type: object + destinationType: + type: string + logFormat: + type: string + logType: + type: string + message: + type: string + status: + type: string + type: object + type: array memberClusters: + description: The names of all the cache clusters that are part of + this replication group. items: type: string type: array memberClustersOutpostARNs: + description: The outpost ARNs of the replication group's member clusters. items: type: string type: array multiAZ: + description: 'A flag indicating if you have Multi-AZ enabled to enhance + fault tolerance. For more information, see Minimizing Downtime: + Multi-AZ (http://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/AutoFailover.html)' type: string nodeGroups: + description: A list of node groups in this replication group. For + Redis (cluster mode disabled) replication groups, this is a single-element + list. For Redis (cluster mode enabled) replication groups, the list + contains an entry for each node group (shard). 
items: + description: Represents a collection of cache nodes in a replication + group. One node in the node group is the read/write primary node. + All the other nodes are read-only Replica nodes. properties: nodeGroupID: type: string nodeGroupMembers: items: + description: Represents a single node within a node group + (shard). properties: cacheClusterID: type: string @@ -282,6 +579,8 @@ spec: preferredOutpostARN: type: string readEndpoint: + description: Represents the information required for client + programs to connect to a cache node. properties: address: type: string @@ -292,6 +591,8 @@ spec: type: object type: array primaryEndpoint: + description: Represents the information required for client + programs to connect to a cache node. properties: address: type: string @@ -300,6 +601,8 @@ spec: type: integer type: object readerEndpoint: + description: Represents the information required for client + programs to connect to a cache node. properties: address: type: string 
@@ -314,22 +617,59 @@ spec: type: object type: array pendingModifiedValues: + description: A group of settings to be applied to the replication + group, either immediately or during the next maintenance window. properties: authTokenStatus: type: string automaticFailoverStatus: type: string + logDeliveryConfigurations: + items: + description: The log delivery configurations being modified + properties: + destinationDetails: + description: Configuration details of either a CloudWatch + Logs destination or Kinesis Data Firehose destination. + properties: + cloudWatchLogsDetails: + description: The configuration details of the CloudWatch + Logs destination. + properties: + logGroup: + type: string + type: object + kinesisFirehoseDetails: + description: The configuration details of the Kinesis + Data Firehose destination. + properties: + deliveryStream: + type: string + type: object + type: object + destinationType: + type: string + logFormat: + type: string + logType: + type: string + type: object + type: array primaryClusterID: type: string resharding: + description: The status of an online resharding operation. properties: slotMigration: + description: Represents the progress of an online resharding + operation. properties: progressPercentage: type: number type: object type: object userGroups: + description: The status of the user group update. properties: userGroupIDsToAdd: items: @@ -342,12 +682,13 @@ spec: type: object type: object snapshottingClusterID: + description: The cluster ID that is used as the daily snapshot source + for the replication group. type: string status: + description: The current state of this replication group - creating, + available, modifying, deleting, create-failed, snapshotting. type: string - required: - - ackResourceMetadata - - conditions type: object type: object served: true diff --git a/helm/crds/elasticache.services.k8s.aws_snapshots.yaml b/helm/crds/elasticache.services.k8s.aws_snapshots.yaml index a8857de1..e0c9c2a0 100644 
--- a/helm/crds/elasticache.services.k8s.aws_snapshots.yaml +++ b/helm/crds/elasticache.services.k8s.aws_snapshots.yaml @@ -34,17 +34,27 @@ spec: metadata: type: object spec: - description: SnapshotSpec defines the desired state of Snapshot + description: "SnapshotSpec defines the desired state of Snapshot. \n Represents + a copy of an entire Redis cluster as of the time when the snapshot was + taken." properties: cacheClusterID: + description: The identifier of an existing cluster. The snapshot is + created from this cluster. type: string kmsKeyID: + description: The ID of the KMS key used to encrypt the snapshot. type: string replicationGroupID: + description: The identifier of an existing replication group. The + snapshot is created from this replication group. type: string snapshotName: + description: A name for the snapshot being created. type: string sourceSnapshotName: + description: The name of an existing snapshot from which to make a + copy. type: string required: - snapshotName 
@@ -76,17 +86,64 @@ spec: - ownerAccountID type: object autoMinorVersionUpgrade: + description: This parameter is currently disabled. type: boolean automaticFailover: + description: Indicates the status of automatic failover for the source + Redis replication group. type: string cacheClusterCreateTime: + description: The date and time when the source cluster was created. format: date-time type: string cacheNodeType: + description: "The name of the compute and memory capacity node type + for the source cluster. \n The following node types are supported + by ElastiCache. Generally speaking, the current generation types + provide more memory and computational power at lower cost when compared + to their equivalent previous generation counterparts. \n * General + purpose: Current generation: M6g node types (available only for + Redis engine version 5.0.6 onward and for Memcached engine version + \ 1.5.16 onward). cache.m6g.large, cache.m6g.xlarge, cache.m6g.2xlarge, + \ cache.m6g.4xlarge, cache.m6g.8xlarge, cache.m6g.12xlarge, cache.m6g.16xlarge + \ For region availability, see Supported Node Types (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion) + \ M5 node types: cache.m5.large, cache.m5.xlarge, cache.m5.2xlarge, + cache.m5.4xlarge, cache.m5.12xlarge, cache.m5.24xlarge M4 node + types: cache.m4.large, cache.m4.xlarge, cache.m4.2xlarge, cache.m4.4xlarge, + cache.m4.10xlarge T3 node types: cache.t3.micro, cache.t3.small, + cache.t3.medium T2 node types: cache.t2.micro, cache.t2.small, cache.t2.medium + Previous generation: (not recommended) T1 node types: cache.t1.micro + M1 node types: cache.m1.small, cache.m1.medium, cache.m1.large, + \ cache.m1.xlarge M3 node types: cache.m3.medium, cache.m3.large, + cache.m3.xlarge, cache.m3.2xlarge \n * Compute optimized: + Previous generation: (not recommended) C1 node types: cache.c1.xlarge + \n * Memory optimized: Current generation: R6g node types 
(available + only for Redis engine version 5.0.6 onward and for Memcached + engine version 1.5.16 onward). cache.r6g.large, cache.r6g.xlarge, + cache.r6g.2xlarge, cache.r6g.4xlarge, cache.r6g.8xlarge, cache.r6g.12xlarge, + cache.r6g.16xlarge For region availability, see Supported Node + Types (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion) + \ R5 node types: cache.r5.large, cache.r5.xlarge, cache.r5.2xlarge, + cache.r5.4xlarge, cache.r5.12xlarge, cache.r5.24xlarge R4 node + types: cache.r4.large, cache.r4.xlarge, cache.r4.2xlarge, cache.r4.4xlarge, + cache.r4.8xlarge, cache.r4.16xlarge Previous generation: (not + recommended) M2 node types: cache.m2.xlarge, cache.m2.2xlarge, + cache.m2.4xlarge R3 node types: cache.r3.large, cache.r3.xlarge, + \ cache.r3.2xlarge, cache.r3.4xlarge, cache.r3.8xlarge \n Additional + node type info \n * All current generation instance types are + created in Amazon VPC by default. \n * Redis append-only files + (AOF) are not supported for T1 or T2 instances. \n * Redis Multi-AZ + with automatic failover is not supported on T1 instances. \n * + Redis configuration variables appendonly and appendfsync are not + supported on Redis version 2.8.22 and later." type: string cacheParameterGroupName: + description: The cache parameter group that is associated with the + source cluster. type: string cacheSubnetGroupName: + description: The name of the cache subnet group associated with the + source cluster. type: string conditions: description: All CRS managed by ACK have a common `Status.Conditions` 
@@ -122,11 +179,18 @@ spec: type: object type: array engine: + description: The name of the cache engine (memcached or redis) used + by the source cluster. type: string engineVersion: + description: The version of the cache engine version that is used + by the source cluster. type: string nodeSnapshots: + description: A list of the cache nodes in the source cluster. items: + description: Represents an individual cache node in a snapshot of + a cluster. properties: cacheClusterID: type: string @@ -138,6 +202,9 @@ spec: cacheSize: type: string nodeGroupConfiguration: + description: 'Node group (shard) configuration options. Each + node group (shard) configuration has the following: Slots, + PrimaryAvailabilityZone, ReplicaAvailabilityZones, ReplicaCount.' properties: nodeGroupID: type: string 
@@ -167,38 +234,71 @@ spec: type: object type: array numCacheNodes: + description: "The number of cache nodes in the source cluster. \n + For clusters running Redis, this value must be 1. For clusters running + Memcached, this value must be between 1 and 40." format: int64 type: integer numNodeGroups: + description: The number of node groups (shards) in this snapshot. + When restoring from a snapshot, the number of node groups (shards) + in the snapshot and in the restored replication group must be the + same. format: int64 type: integer port: + description: The port number used by each cache nodes in the source + cluster. format: int64 type: integer preferredAvailabilityZone: + description: The name of the Availability Zone in which the source + cluster is located. type: string preferredMaintenanceWindow: + description: "Specifies the weekly time range during which maintenance + on the cluster is performed. It is specified as a range in the format + ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance + window is a 60 minute period. \n Valid values for ddd are: \n * + sun \n * mon \n * tue \n * wed \n * thu \n * fri + \n * sat \n Example: sun:23:00-mon:01:30" type: string preferredOutpostARN: + description: The ARN (Amazon Resource Name) of the preferred outpost. type: string replicationGroupDescription: + description: A description of the source replication group. type: string snapshotRetentionLimit: + description: "For an automatic snapshot, the number of days for which + ElastiCache retains the snapshot before deleting it. \n For manual + snapshots, this field reflects the SnapshotRetentionLimit for the + source cluster when the snapshot was created. This field is otherwise + ignored: Manual snapshots do not expire, and can only be deleted + using the DeleteSnapshot operation. \n Important If the value of + SnapshotRetentionLimit is set to zero (0), backups are turned off." 
format: int64 type: integer snapshotSource: + description: Indicates whether the snapshot is from an automatic backup + (automated) or was created manually (manual). type: string snapshotStatus: + description: 'The status of the snapshot. Valid values: creating | + available | restoring | copying | deleting.' type: string snapshotWindow: + description: The daily time range during which ElastiCache takes daily + snapshots of the source cluster. type: string topicARN: + description: The Amazon Resource Name (ARN) for the topic used by + the source cluster for publishing notifications. type: string vpcID: + description: The Amazon Virtual Private Cloud identifier (VPC ID) + of the cache subnet group for the source cluster. type: string - required: - - ackResourceMetadata - - conditions type: object type: object served: true diff --git a/helm/crds/elasticache.services.k8s.aws_usergroups.yaml b/helm/crds/elasticache.services.k8s.aws_usergroups.yaml new file mode 100644 index 00000000..508d8074 --- /dev/null +++ b/helm/crds/elasticache.services.k8s.aws_usergroups.yaml 
@@ -0,0 +1,145 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: usergroups.elasticache.services.k8s.aws +spec: + group: elasticache.services.k8s.aws + names: + kind: UserGroup + listKind: UserGroupList + plural: usergroups + singular: usergroup + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: UserGroup is the Schema for the UserGroups API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + engine: + description: The current supported value is Redis. + type: string + userGroupID: + description: The ID of the user group. + type: string + userIDs: + description: The list of user IDs that belong to the user group. + items: + type: string + type: array + required: + - engine + - userGroupID + type: object + status: + description: UserGroupStatus defines the observed state of UserGroup + properties: + ackResourceMetadata: + description: All CRs managed by ACK have a common `Status.ACKResourceMetadata` + member that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: 'ARN is the Amazon Resource Name for the resource. 
+ This is a globally-unique identifier and is set only by the + ACK service controller once the controller has orchestrated + the creation of the resource OR when it has verified that an + "adopted" resource (a resource where the ARN annotation was + set by the Kubernetes user on the CR) exists and matches the + supplied CR''s Spec field values. TODO(vijat@): Find a better + strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270' + type: string + ownerAccountID: + description: OwnerAccountID is the AWS Account ID of the account + that owns the backend AWS service API resource. + type: string + required: + - ownerAccountID + type: object + conditions: + description: All CRS managed by ACK have a common `Status.Conditions` + member that contains a collection of `ackv1alpha1.Condition` objects + that describe the various terminal states of the CR and its backend + AWS service API resource + items: + description: Condition is the common struct used by all CRDs managed + by ACK service controllers to indicate terminal states of the + CR and its backend AWS service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + pendingChanges: + description: A list of updates being applied to the user groups. 
+ properties: + userIDsToAdd: + items: + type: string + type: array + userIDsToRemove: + items: + type: string + type: array + type: object + replicationGroups: + description: A list of replication groups that the user group can + access. + items: + type: string + type: array + status: + description: Indicates user group status. Can be "creating", "active", + "modifying", "deleting". + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/helm/crds/elasticache.services.k8s.aws_users.yaml b/helm/crds/elasticache.services.k8s.aws_users.yaml new file mode 100644 index 00000000..6d677f8a --- /dev/null +++ b/helm/crds/elasticache.services.k8s.aws_users.yaml 
@@ -0,0 +1,176 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: users.elasticache.services.k8s.aws +spec: + group: elasticache.services.k8s.aws + names: + kind: User + listKind: UserList + plural: users + singular: user + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: User is the Schema for the Users API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + accessString: + description: Access permissions string used for this user. + type: string + engine: + description: The current supported value is Redis. + type: string + noPasswordRequired: + description: Indicates a password is not required for this user. + type: boolean + passwords: + description: Passwords used for this user. You can create up to two + passwords for each user. + items: + description: SecretKeyReference combines a k8s corev1.SecretReference + with a specific key within the referred-to Secret + properties: + key: + description: Key is the key within the secret + type: string + name: + description: Name is unique within a namespace to reference + a secret resource. 
+ type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + required: + - key + type: object + type: array + userID: + description: The ID of the user. + type: string + userName: + description: The username of the user. + type: string + required: + - accessString + - engine + - userID + - userName + type: object + status: + description: UserStatus defines the observed state of User + properties: + ackResourceMetadata: + description: All CRs managed by ACK have a common `Status.ACKResourceMetadata` + member that is used to contain resource sync state, account ownership, + constructed ARN for the resource + properties: + arn: + description: 'ARN is the Amazon Resource Name for the resource. + This is a globally-unique identifier and is set only by the + ACK service controller once the controller has orchestrated + the creation of the resource OR when it has verified that an + "adopted" resource (a resource where the ARN annotation was + set by the Kubernetes user on the CR) exists and matches the + supplied CR''s Spec field values. TODO(vijat@): Find a better + strategy for resources that do not have ARN in CreateOutputResponse + https://github.com/aws/aws-controllers-k8s/issues/270' + type: string + ownerAccountID: + description: OwnerAccountID is the AWS Account ID of the account + that owns the backend AWS service API resource. + type: string + required: + - ownerAccountID + type: object + authentication: + description: Denotes whether the user requires a password to authenticate. 
+ properties: + passwordCount: + format: int64 + type: integer + type_: + type: string + type: object + conditions: + description: All CRS managed by ACK have a common `Status.Conditions` + member that contains a collection of `ackv1alpha1.Condition` objects + that describe the various terminal states of the CR and its backend + AWS service API resource + items: + description: Condition is the common struct used by all CRDs managed + by ACK service controllers to indicate terminal states of the + CR and its backend AWS service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + expandedAccessString: + description: Access permissions string used for this user. + type: string + lastRequestedAccessString: + description: Access permissions string used for this user. + type: string + status: + description: Indicates the user status. Can be "active", "modifying" + or "deleting". + type: string + userGroupIDs: + description: Returns a list of the user group IDs the user belongs + to. + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/helm/crds/services.k8s.aws_adoptedresources.yaml b/helm/crds/services.k8s.aws_adoptedresources.yaml new file mode 100644 index 00000000..a64411af --- /dev/null +++ b/helm/crds/services.k8s.aws_adoptedresources.yaml 
@@ -0,0 +1,233 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: adoptedresources.services.k8s.aws +spec: + group: services.k8s.aws + names: + kind: AdoptedResource + listKind: AdoptedResourceList + plural: adoptedresources + singular: adoptedresource + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: AdoptedResource is the schema for the AdoptedResource API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AdoptedResourceSpec defines the desired state of the AdoptedResource. + properties: + aws: + description: AWSIdentifiers provide all unique ways to reference an + AWS resource. + properties: + additionalKeys: + additionalProperties: + type: string + description: AdditionalKeys represents any additional arbitrary + identifiers used when describing the target resource. + type: object + arn: + description: ARN is the AWS Resource Name for the resource. It + is a globally unique identifier. + type: string + nameOrID: + description: NameOrId is a user-supplied string identifier for + the resource. It may or may not be globally unique, depending + on the type of resource. 
+ type: string + type: object + kubernetes: + description: TargetKubernetesResource provides all the values necessary + to identify a given ACK type and override any metadata values when + creating a resource of that type. + properties: + group: + type: string + kind: + type: string + metadata: + description: "ObjectMeta is metadata that all persisted resources + must have, which includes all objects users must create. It + is not possible to use `metav1.ObjectMeta` inside spec, as the + controller-gen automatically converts this to an arbitrary string-string + map. https://github.com/kubernetes-sigs/controller-tools/issues/385 + \n Active discussion about inclusion of this field in the spec + is happening in this PR: https://github.com/kubernetes-sigs/controller-tools/pull/395 + \n Until this is allowed, or if it never is, we will produce + a subset of the object meta that contains only the fields which + the user is allowed to modify in the metadata." + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + generateName: + description: "GenerateName is an optional prefix, used by + the server, to generate a unique name ONLY IF the Name field + has not been provided. If this field is used, the name returned + to the client will be different than the name passed. This + value will also be combined with a unique suffix. The provided + value has the same validation rules as the Name field, and + may be truncated by the length of the suffix required to + make the value unique on the server. 
\n If this field is + specified and the generated name exists, the server will + NOT return a 409 - instead, it will either return 201 Created + or 500 with Reason ServerTimeout indicating a unique name + could not be found in the time allotted, and the client + should retry (optionally after the time indicated in the + Retry-After header). \n Applied only if Name is not specified. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" + type: string + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required + when creating resources, although some resources may allow + a client to request the generation of an appropriate name + automatically. Name is primarily intended for creation idempotence + and configuration definition. Cannot be updated. More info: + http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: "Namespace defines the space within each name + must be unique. An empty namespace is equivalent to the + \"default\" namespace, but \"default\" is the canonical + representation. Not all objects are required to be scoped + to a namespace - the value of this field for those objects + will be empty. \n Must be a DNS_LABEL. Cannot be updated. + More info: http://kubernetes.io/docs/user-guide/namespaces" + type: string + ownerReferences: + description: List of objects depended by this object. If ALL + objects in the list have been deleted, this object will + be garbage collected. If this object is managed by a controller, + then an entry in this list will point to this controller, + with the controller field set to true. 
There cannot be more + than one managing controller. + items: + description: OwnerReference contains enough information + to let you identify an owning object. An owning object + must be in the same namespace as the dependent, or be + cluster-scoped, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" + finalizer, then the owner cannot be deleted from the + key-value store until this reference is removed. Defaults + to false. To set this field, a user needs "delete" + permission of the owner, otherwise 422 (Unprocessable + Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing + controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + uid: + description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + type: array + type: object + required: + - group + - kind + type: object + required: + - aws + - kubernetes + type: object + status: + description: AdoptedResourceStatus defines the observed status of the + AdoptedResource. 
+ properties: + conditions: + description: A collection of `ackv1alpha1.Condition` objects that + describe the various terminal states of the adopted resource CR + and its target custom resource + items: + description: Condition is the common struct used by all CRDs managed + by ACK service controllers to indicate terminal states of the + CR and its backend AWS service API resource + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/helm/templates/cluster-role-controller.yaml b/helm/templates/cluster-role-controller.yaml index dbb40fb9..795203ed 100644 --- a/helm/templates/cluster-role-controller.yaml +++ b/helm/templates/cluster-role-controller.yaml @@ -22,6 +22,14 @@ rules: - get - list - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch - apiGroups: - elasticache.services.k8s.aws resources: 
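Review bot: The rule added in the first `cluster-role-controller.yaml` hunk grants `get`, `list` and `watch` on `secrets` in a ClusterRole, so the controller's service account can read every Secret in every namespace, not only those named in a User's `passwords` list. If the controller only fetches referenced Secrets by name, reducing the verbs to `- get` would probably be enough, and when `watchNamespace` is set a namespaced Role and RoleBinding would keep the grant inside that namespace; both depend on controller code that is not part of this diff. The `passwords` items in the new User CRD also accept a `namespace`, so anyone allowed to create a User in one namespace may be able to have the controller read a Secret from another, and restricting references to the CR's own namespace would close that gap. At minimum I would add a comment above the rule, for example `# read access to the Secrets referenced by User.spec.passwords`. The rules list starts and continues outside the hunk.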
@@ -102,3 +110,63 @@ rules:
 - get
 - patch
 - update
+- apiGroups:
+ - elasticache.services.k8s.aws
+ resources:
+ - usergroups
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - elasticache.services.k8s.aws
+ resources:
+ - usergroups/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - elasticache.services.k8s.aws
+ resources:
+ - users
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - elasticache.services.k8s.aws
+ resources:
+ - users/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - services.k8s.aws
+ resources:
+ - adoptedresources
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - services.k8s.aws
+ resources:
+ - adoptedresources/status
+ verbs:
+ - get
+ - patch
+ - update
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
index e433186e..a4cc60f5 100644
--- a/helm/templates/deployment.yaml
+++ b/helm/templates/deployment.yaml
@@ -47,6 +47,8 @@ spec:
 - "$(ACK_LOG_LEVEL)"
 - --resource-tags
 - "$(ACK_RESOURCE_TAGS)"
+ - --watch-namespace
+ - "$(ACK_WATCH_NAMESPACE)"
 image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
 name: controller
 ports:
@@ -58,8 +60,16 @@ spec:
 valueFrom:
 fieldRef:
 fieldPath: metadata.namespace
+ - name: AWS_ACCOUNT_ID
+ value: {{ .Values.aws.account_id | quote }}
 - name: AWS_REGION
 value: {{ .Values.aws.region }}
+ - name: ACK_WATCH_NAMESPACE
+ value: {{ .Values.watchNamespace }}
+ - name: ACK_ENABLE_DEVELOPMENT_LOGGING
+ value: {{ .Values.log.enable_development_logging | quote }}
+ - name: ACK_LOG_LEVEL
+ value: {{ .Values.log.level | quote }}
 - name: ACK_RESOURCE_TAGS
 value: {{ join "," .Values.resourceTags | quote }}
 terminationGracePeriodSeconds: 10
diff --git a/helm/templates/metrics-service.yaml b/helm/templates/metrics-service.yaml
new file mode 100644
index 00000000..24cf69f3
--- /dev/null
+++ b/helm/templates/metrics-service.yaml
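Review bot: In the second `deployment.yaml` hunk, `ACK_WATCH_NAMESPACE` is rendered as `value: {{ .Values.watchNamespace }}` without `| quote`, unlike the other env entries added beside it. The default `""` renders an empty value, and a namespace name such as `123` would be read by the YAML parser as a number, which is not a valid env `value`. I would write `value: {{ .Values.watchNamespace | quote }}`; the unchanged `AWS_REGION` line has the same gap. The container spec starts and ends outside the hunk.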
@@ -0,0 +1,30 @@ +{{- if .Values.metrics.service.create }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "app.fullname" . }}-metrics + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + k8s-app: {{ include "app.name" . }} + helm.sh/chart: {{ include "chart.name-version" . }} + control-plane: controller +spec: + selector: + app.kubernetes.io/name: {{ include "app.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: Helm + k8s-app: {{ include "app.name" . }} +{{- range $key, $value := .Values.deployment.labels }} + {{ $key }}: {{ $value | quote }} +{{- end }} + type: {{ .Values.metrics.service.type }} + ports: + - name: metricsport + port: 8080 + targetPort: 8080 + protocol: TCP +{{- end }} \ No newline at end of file diff --git a/helm/templates/role-reader.yaml b/helm/templates/role-reader.yaml index b06f26de..aa520863 100644 --- a/helm/templates/role-reader.yaml +++ b/helm/templates/role-reader.yaml @@ -13,6 +13,8 @@ rules: - cachesubnetgroups - replicationgroups - snapshots + - users + - usergroups verbs: - get - list diff --git a/helm/templates/role-writer.yaml b/helm/templates/role-writer.yaml index 88dba829..8ec6e3e0 100644 --- a/helm/templates/role-writer.yaml +++ b/helm/templates/role-writer.yaml @@ -17,6 +17,10 @@ rules: - snapshots + - users + + - usergroups + verbs: - create - delete @@ -32,6 +36,8 @@ rules: - cachesubnetgroups - replicationgroups - snapshots + - users + - usergroups verbs: - get - patch diff --git a/helm/values.yaml b/helm/values.yaml index 9d3db49d..a0ff0a0a 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -4,7 +4,7 @@ image: repository: public.ecr.aws/aws-controllers-k8s/controller - tag: elasticache-v0.0.3 + tag: elasticache-v0.0.4 pullPolicy: IfNotPresent pullSecrets: [] 
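Review bot: The new `metrics-service.yaml` hard-codes `port: 8080` and `targetPort: 8080` although `values.yaml` already carries `deployment.containerPort`; assuming the container listens on that value, changing it leaves the Service pointing at the wrong port. I would use `targetPort: {{ .Values.deployment.containerPort }}`. `type: {{ .Values.metrics.service.type }}` is also passed through unchecked, so `NodePort` or `LoadBalancer` publishes the metrics endpoint beyond the cluster, and nothing in this template adds authentication; a comment next to the `type` value saying so would help operators. The file also ends without a trailing newline.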
@@ -16,6 +16,15 @@ deployment: labels: {} containerPort: 8080 +metrics: + service: + # Set to true to automatically create a Kubernetes Service resource for the + # Prometheus metrics server endpoint in controller + create: false + # Which Type to use for the Kubernetes Service? + # See: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + type: "ClusterIP" + resources: requests: memory: "64Mi" @@ -27,6 +36,15 @@ resources: aws: # If specified, use the AWS region for AWS API calls region: "" + account_id: "" + +# log level for the controller +log: + enable_development_logging: false + level: info + +# If specified, the service controller will watch for object creation only in the provided namespace +watchNamespace: "" resourceTags: # Configures the ACK service controller to always set key/value pairs tags on resources that it manages.
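Review bot: In the second `values.yaml` hunk, `account_id: ""` is added under `aws:` with no comment, and it is the value most exposed to YAML typing: AWS account IDs are 12 digits and may start with zero, so an unquoted value in an override file is read as a number and the `| quote` in the deployment may then render something other than the ID. I would add `# AWS account ID; keep it quoted so it stays a string` above the key. The `# log level for the controller` comment also sits above `log:`, which now holds `enable_development_logging` as well, so it could be reworded to cover both settings.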