From 83c49240706453542d1754c49fd3aceb54fba823 Mon Sep 17 00:00:00 2001
From: Andrew McCully
Date: Tue, 12 Oct 2021 12:22:04 +0100
Subject: [PATCH 1/2] upgrade to helm 174.25
---
 kustomize/base/operator/clusterrole.yaml | 5 +-
 .../base/operator/clusterrolebinding.yaml | 11 +-
 kustomize/base/operator/deployment.yaml | 9 +-
 kustomize/base/operator/licensing.yaml | 2 +-
 kustomize/base/operator/service.yaml | 3 +-
 kustomize/base/operator/serviceaccount.yaml | 3 +-
 .../crds/platform.confluent.io_connects.yaml | 377 ++---
 .../platform.confluent.io_controlcenters.yaml | 365 ++---
 ...latform.confluent.io_kafkarestclasses.yaml | 66 +-
 .../crds/platform.confluent.io_kafkas.yaml | 1395 ++++-------------
 .../platform.confluent.io_kafkatopics.yaml | 33 +-
 .../crds/platform.confluent.io_ksqldbs.yaml | 365 ++---
 ...latform.confluent.io_schemaregistries.yaml | 376 ++---
 .../platform.confluent.io_zookeepers.yaml | 112 ++
 kustomize/helm/update_helm.sh | 3 +-
 15 files changed, 883 insertions(+), 2242 deletions(-)
diff --git a/kustomize/base/operator/clusterrole.yaml b/kustomize/base/operator/clusterrole.yaml
index b98071a..8b2cae7 100644
--- a/kustomize/base/operator/clusterrole.yaml
+++ b/kustomize/base/operator/clusterrole.yaml
@@ -1,7 +1,7 @@
 ---
 # Source: confluent-for-kubernetes/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
 labels:
 app: confluent-for-kubernetes
@@ -9,8 +9,9 @@ metadata:
 app.kubernetes.io/instance: RELEASE-NAME
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/component: "confluent-operator"
- helm.sh/chart: confluent-for-kubernetes-0.174.13
+ helm.sh/chart: confluent-for-kubernetes-0.174.25
 name: confluent-operator
+ namespace: default
 rules:
 - apiGroups:
 - cluster.confluent.com
diff --git a/kustomize/base/operator/clusterrolebinding.yaml b/kustomize/base/operator/clusterrolebinding.yaml
index b8f0db3..19a6b64 100644
--- a/kustomize/base/operator/clusterrolebinding.yaml
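Review bot: In kustomize/base/operator/clusterrole.yaml the object becomes `kind: Role` with `namespace: default`, but the `rules:` list continues unchanged outside the hunk, and a rule that names a cluster-scoped resource has no effect when it sits in a namespaced Role. The rules should be checked against what the 0.174.25 operator actually needs in this mode and limited to namespaced resources, so the manifest does not overstate the grant. The file is still called clusterrole.yaml, so a leading comment such as `# Namespaced Role: operator permissions apply only in the default namespace` would stop a reader assuming cluster-wide scope.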
+++ b/kustomize/base/operator/clusterrolebinding.yaml
@@ -1,4 +1,6 @@
-kind: ClusterRoleBinding
+---
+# Source: confluent-for-kubernetes/templates/clusterrolebinding.yaml
+kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
 labels:
@@ -7,13 +9,14 @@ metadata:
 app.kubernetes.io/instance: RELEASE-NAME
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/component: "confluent-operator"
- helm.sh/chart: confluent-for-kubernetes-0.174.13
+ helm.sh/chart: confluent-for-kubernetes-0.174.25
 name: confluent-operator
+ namespace: default
 subjects:
 - kind: ServiceAccount
 name: confluent-for-kubernetes
- namespace: sandbox
+ namespace: default
 roleRef:
- kind: ClusterRole
+ kind: Role
 name: confluent-operator
 apiGroup: rbac.authorization.k8s.io
diff --git a/kustomize/base/operator/deployment.yaml b/kustomize/base/operator/deployment.yaml
index f9aa9b2..9a0937a 100644
--- a/kustomize/base/operator/deployment.yaml
+++ b/kustomize/base/operator/deployment.yaml
@@ -9,9 +9,10 @@ metadata:
 app.kubernetes.io/instance: RELEASE-NAME
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/component: "confluent-operator"
- helm.sh/chart: confluent-for-kubernetes-0.174.13
- version: 0.174.13
+ helm.sh/chart: confluent-for-kubernetes-0.174.25
+ version: 0.174.25
 name: confluent-operator
+ namespace: default
 spec:
 replicas: 1
 selector:
@@ -34,7 +35,7 @@ spec:
 app.kubernetes.io/name: "confluent-operator"
 app.kubernetes.io/instance: RELEASE-NAME
 confluent-platform: "true"
- version: 0.174.13
+ version: 0.174.25
 spec:
 securityContext:
 fsGroup: 1001
@@ -45,7 +46,7 @@ spec:
 - --debug=false
 - --namespaces=default
 name: confluent-operator
- image: docker.io/confluentinc/confluent-operator:0.174.13
+ image: docker.io/confluentinc/confluent-operator:0.174.25
 imagePullPolicy: IfNotPresent
 terminationMessagePath: /dev/termination-log
 terminationMessagePolicy: File
diff --git a/kustomize/base/operator/licensing.yaml b/kustomize/base/operator/licensing.yaml
index a2219a6..9a07085 100644
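Review bot: The RoleBinding in kustomize/base/operator/clusterrolebinding.yaml now hard-codes `default` in places that must stay in step: the binding's own `namespace: default`, the ServiceAccount subject (previously `namespace: sandbox`), and the Role named by `roleRef`, which is looked up in the binding's namespace. If an overlay moves the operator to another namespace and rewrites only some of these, the operator's account ends up without permissions, or whatever account is named confluent-for-kubernetes in `default` is bound instead. The deployment in this patch also passes `--namespaces=default` and needs the same override. A comment above `subjects:` such as `# subject namespace must match the namespace the operator ServiceAccount is deployed in` would make the coupling visible.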
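Review bot: The new image reference in kustomize/base/operator/deployment.yaml, `image: docker.io/confluentinc/confluent-operator:0.174.25`, is pinned by tag only, and with `imagePullPolicy: IfNotPresent` different nodes can run different content if the tag is ever re-pushed. Pinning the digest next to the tag, `image: docker.io/confluentinc/confluent-operator:0.174.25@sha256:<digest of the verified image>`, makes the upgrade reproducible and reviewable. The manifest appears to be rendered from the Helm chart, so the digest would presumably be set in the values used by update_helm.sh rather than edited here. The container spec continues outside the hunk.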
--- a/kustomize/base/operator/licensing.yaml
+++ b/kustomize/base/operator/licensing.yaml
@@ -9,7 +9,7 @@ metadata:
 app.kubernetes.io/instance: RELEASE-NAME
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/component: "confluent-operator"
- helm.sh/chart: confluent-for-kubernetes-0.174.13
+ helm.sh/chart: confluent-for-kubernetes-0.174.25
 namespace: default
 name: confluent-operator-licensing
 type: Opaque
diff --git a/kustomize/base/operator/service.yaml b/kustomize/base/operator/service.yaml
index d9b0ff0..8bdc901 100644
--- a/kustomize/base/operator/service.yaml
+++ b/kustomize/base/operator/service.yaml
@@ -9,8 +9,9 @@ metadata:
 app.kubernetes.io/instance: RELEASE-NAME
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/component: "confluent-operator"
- helm.sh/chart: confluent-for-kubernetes-0.174.13
+ helm.sh/chart: confluent-for-kubernetes-0.174.25
 name: confluent-operator
+ namespace: default
 spec:
 ports:
 - name: http-metric
diff --git a/kustomize/base/operator/serviceaccount.yaml b/kustomize/base/operator/serviceaccount.yaml
index 7233437..c86edf9 100644
--- a/kustomize/base/operator/serviceaccount.yaml
+++ b/kustomize/base/operator/serviceaccount.yaml
@@ -11,5 +11,6 @@ metadata:
 app.kubernetes.io/instance: RELEASE-NAME
 app.kubernetes.io/managed-by: Helm
 app.kubernetes.io/component: "confluent-operator"
- helm.sh/chart: confluent-for-kubernetes-0.174.13
+ helm.sh/chart: confluent-for-kubernetes-0.174.25
 name: confluent-for-kubernetes
+ namespace: default
diff --git a/kustomize/crds/crds/platform.confluent.io_connects.yaml b/kustomize/crds/crds/platform.confluent.io_connects.yaml
index e8d9cdf..42c6afb 100644
--- a/kustomize/crds/crds/platform.confluent.io_connects.yaml
+++ b/kustomize/crds/crds/platform.confluent.io_connects.yaml
@@ -1142,256 +1142,6 @@ spec: description: CPExternalAccess holds all external access policies for non-kafka components properties: - ingress: - description: Ingress allows to create a ingress service Not implemented - yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user wishes - to exist. - properties: - backend: - description: A default backend capable of servicing requests - that don't match any rule. At least one of 'backend' or - 'rules' must be specified. This field is optional to allow - the loadbalancer controller or defaulting logic to specify - a global default. - properties: - resource: - description: Resource is an ObjectRef to another Kubernetes - resource in the namespace of the Ingress object. If - resource is specified, serviceName and servicePort - must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the IngressClass - cluster resource. The associated IngressClass defines - which controller will implement the resource. This replaces - the deprecated `kubernetes.io/ingress.class` annotation. 
- For backwards compatibility, when that annotation is set, - it must be given precedence over this field. The controller - may emit a warning if the field and annotation have different - values. Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource may - be marked as default, which can be used to set a default - value for this field. For more information, refer to the - IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure the - Ingress. If unspecified, or no rule matches, all traffic - is sent to the default backend. - items: - description: IngressRule represents the rules mapping - the paths under a specified host to the related backend - services. Incoming requests are first evaluated for - a host match, then routed to the backend associated - with the matching IngressRuleValue. - properties: - host: - description: "Host is the fully qualified domain name - of a network host, as defined by RFC 3986. Note - the following deviations from the \"host\" part - of the URI as defined in RFC 3986: 1. IPs are not - allowed. Currently an IngressRuleValue can only - apply to the IP in the Spec of the parent Ingress. - 2. The `:` delimiter is not respected because ports - are not allowed. \t Currently the port of an Ingress - is implicitly :80 for http and \t :443 for https. - Both these may change in the future. Incoming requests - are matched against the host before the IngressRuleValue. - If the host is unspecified, the Ingress routes all - traffic based on the specified IngressRuleValue. - \n Host can be \"precise\" which is a domain name - without the terminating dot of a network host (e.g. - \"foo.bar.com\") or \"wildcard\", which is a domain - name prefixed with a single wildcard label (e.g. - \"*.foo.com\"). The wildcard character '*' must - appear by itself as the first DNS label and matches - only a single label. 
You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests will - be matched against the Host field in the following - way: 1. If Host is precise, the request matches - this rule if the http host header is equal to Host. - 2. If Host is a wildcard, then the request matches - this rule if the http host header is to equal to - the suffix (removing the first label) of the wildcard - rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list of http - selectors pointing to backends. In the example: - http:///? -> backend where - where parts of the url correspond to RFC 3986, this - resource will be used to match against everything - after the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that map requests - to backends. - items: - description: HTTPIngressPath associates a path - with a backend. Incoming urls matching the - path are forwarded to the backend. - properties: - backend: - description: Backend defines the referenced - service endpoint to which the traffic - will be forwarded to. - properties: - resource: - description: Resource is an ObjectRef - to another Kubernetes resource in - the namespace of the Ingress object. - If resource is specified, serviceName - and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any other - third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the - referenced service. 
- type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the - referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against the - path of an incoming request. Currently - it can contain characters disallowed from - the conventional "path" part of a URL - as defined by RFC 3986. Paths must begin - with a '/'. When unspecified, all paths - from incoming requests are matched. - type: string - pathType: - description: 'PathType determines the interpretation - of the Path matching. PathType can be - one of the following values: * Exact: - Matches the URL path exactly. * Prefix: - Matches based on a URL path prefix split - by ''/''. Matching is done on a path - element by element basis. A path element - refers is the list of labels in the - path split by the ''/'' separator. A request - is a match for path p if every p is - an element-wise prefix of p of the request - path. Note that if the last element of - the path is a substring of the last - element in request path, it is not a match - (e.g. /foo/bar matches /foo/bar/baz, - but does not match /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching is - up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix or Exact - path types. Implementations are required - to support all path types. Defaults to - ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the Ingress only - supports a single TLS port, 443. If multiple members of - this list specify different hosts, they will be multiplexed - on the same port according to the hostname specified through - the SNI TLS extension, if the ingress controller fulfilling - the ingress supports SNI. 
- items: - description: IngressTLS describes the transport layer - security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included in - the TLS certificate. The values in this list must - match the name/s used in the tlsSecret. Defaults - to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret - used to terminate TLS traffic on port 443. Field - is left optional to allow TLS routing based on SNI - hostname alone. If the SNI host in a listener conflicts - with the "Host" header field used by an IngressRule, - the SNI host is used for termination and value of - the Host header is used for routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object loadBalancer: description: LoadBalancer allows to create a kubernetes load balancer service @@ -1525,7 +1275,8 @@ spec: type: integer servicePorts: description: ServicePorts allows to specify user-provided service - port(s) + port(s) For Kafka with nodePort type, it will only apply to + kafka bootstrap service items: description: ServicePort contains information on service's port. @@ -1641,6 +1392,14 @@ spec: description: Init defines init-container name pattern: .+:.+ type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string pullSecretRef: description: 'ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that 
@@ -2878,24 +2637,112 @@ spec: type: string type: object type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array type: object replicas: description: Replicas is the desired number of replicas of the given Template. Change will roll the cluster format: int32 type: integer - storageClass: - description: Storage class used for creating pvc's of created connect - pods - properties: - name: - description: Name defines name is the storage class reference name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object telemetry: description: ConfluentTelemetry defines the confluent telemetry reporter configuration @@ -3076,6 +2923,10 @@ spec: description: AuthenticationType defines authentication type configured by a listener type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string externalEndpoint: description: ExternalEndpoint defines the external endpoint to connect to the service diff --git a/kustomize/crds/crds/platform.confluent.io_controlcenters.yaml b/kustomize/crds/crds/platform.confluent.io_controlcenters.yaml index d7d7783..0f18682 100644 --- a/kustomize/crds/crds/platform.confluent.io_controlcenters.yaml +++ b/kustomize/crds/crds/platform.confluent.io_controlcenters.yaml 
@@ -864,256 +864,6 @@ spec: externalAccess: description: ExternalAccess defines the external access configuration properties: - ingress: - description: Ingress allows to create a ingress service Not implemented - yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user wishes - to exist. - properties: - backend: - description: A default backend capable of servicing requests - that don't match any rule. At least one of 'backend' or - 'rules' must be specified. This field is optional to allow - the loadbalancer controller or defaulting logic to specify - a global default. - properties: - resource: - description: Resource is an ObjectRef to another Kubernetes - resource in the namespace of the Ingress object. If - resource is specified, serviceName and servicePort - must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the IngressClass - cluster resource. The associated IngressClass defines - which controller will implement the resource. This replaces - the deprecated `kubernetes.io/ingress.class` annotation. 
- For backwards compatibility, when that annotation is set, - it must be given precedence over this field. The controller - may emit a warning if the field and annotation have different - values. Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource may - be marked as default, which can be used to set a default - value for this field. For more information, refer to the - IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure the - Ingress. If unspecified, or no rule matches, all traffic - is sent to the default backend. - items: - description: IngressRule represents the rules mapping - the paths under a specified host to the related backend - services. Incoming requests are first evaluated for - a host match, then routed to the backend associated - with the matching IngressRuleValue. - properties: - host: - description: "Host is the fully qualified domain name - of a network host, as defined by RFC 3986. Note - the following deviations from the \"host\" part - of the URI as defined in RFC 3986: 1. IPs are not - allowed. Currently an IngressRuleValue can only - apply to the IP in the Spec of the parent Ingress. - 2. The `:` delimiter is not respected because ports - are not allowed. \t Currently the port of an Ingress - is implicitly :80 for http and \t :443 for https. - Both these may change in the future. Incoming requests - are matched against the host before the IngressRuleValue. - If the host is unspecified, the Ingress routes all - traffic based on the specified IngressRuleValue. - \n Host can be \"precise\" which is a domain name - without the terminating dot of a network host (e.g. - \"foo.bar.com\") or \"wildcard\", which is a domain - name prefixed with a single wildcard label (e.g. - \"*.foo.com\"). The wildcard character '*' must - appear by itself as the first DNS label and matches - only a single label. 
You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests will - be matched against the Host field in the following - way: 1. If Host is precise, the request matches - this rule if the http host header is equal to Host. - 2. If Host is a wildcard, then the request matches - this rule if the http host header is to equal to - the suffix (removing the first label) of the wildcard - rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list of http - selectors pointing to backends. In the example: - http:///? -> backend where - where parts of the url correspond to RFC 3986, this - resource will be used to match against everything - after the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that map requests - to backends. - items: - description: HTTPIngressPath associates a path - with a backend. Incoming urls matching the - path are forwarded to the backend. - properties: - backend: - description: Backend defines the referenced - service endpoint to which the traffic - will be forwarded to. - properties: - resource: - description: Resource is an ObjectRef - to another Kubernetes resource in - the namespace of the Ingress object. - If resource is specified, serviceName - and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any other - third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the - referenced service. 
- type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the - referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against the - path of an incoming request. Currently - it can contain characters disallowed from - the conventional "path" part of a URL - as defined by RFC 3986. Paths must begin - with a '/'. When unspecified, all paths - from incoming requests are matched. - type: string - pathType: - description: 'PathType determines the interpretation - of the Path matching. PathType can be - one of the following values: * Exact: - Matches the URL path exactly. * Prefix: - Matches based on a URL path prefix split - by ''/''. Matching is done on a path - element by element basis. A path element - refers is the list of labels in the - path split by the ''/'' separator. A request - is a match for path p if every p is - an element-wise prefix of p of the request - path. Note that if the last element of - the path is a substring of the last - element in request path, it is not a match - (e.g. /foo/bar matches /foo/bar/baz, - but does not match /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching is - up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix or Exact - path types. Implementations are required - to support all path types. Defaults to - ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the Ingress only - supports a single TLS port, 443. If multiple members of - this list specify different hosts, they will be multiplexed - on the same port according to the hostname specified through - the SNI TLS extension, if the ingress controller fulfilling - the ingress supports SNI. 
- items: - description: IngressTLS describes the transport layer - security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included in - the TLS certificate. The values in this list must - match the name/s used in the tlsSecret. Defaults - to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret - used to terminate TLS traffic on port 443. Field - is left optional to allow TLS routing based on SNI - hostname alone. If the SNI host in a listener conflicts - with the "Host" header field used by an IngressRule, - the SNI host is used for termination and value of - the Host header is used for routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object loadBalancer: description: LoadBalancer allows to create a kubernetes load balancer service @@ -1247,7 +997,8 @@ spec: type: integer servicePorts: description: ServicePorts allows to specify user-provided service - port(s) + port(s) For Kafka with nodePort type, it will only apply to + kafka bootstrap service items: description: ServicePort contains information on service's port. @@ -1368,6 +1119,14 @@ spec: description: Init defines init-container name pattern: .+:.+ type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string pullSecretRef: description: 'ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that 
@@ -2808,6 +2567,106 @@ spec: type: string type: object type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array type: object replicas: description: Replicas is the desired number of replicas of the given @@ -3003,6 +2862,10 @@ spec: description: AuthenticationType defines authentication type configured by a listener type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string externalEndpoint: description: ExternalEndpoint defines the external endpoint to connect to the service diff --git a/kustomize/crds/crds/platform.confluent.io_kafkarestclasses.yaml b/kustomize/crds/crds/platform.confluent.io_kafkarestclasses.yaml index d685a88..56f6cf4 100644 --- a/kustomize/crds/crds/platform.confluent.io_kafkarestclasses.yaml +++ b/kustomize/crds/crds/platform.confluent.io_kafkarestclasses.yaml 
@@ -73,48 +73,29 @@ spec: API properties: basic: - description: BasicAuthentication defines basic authentication + description: KafkaRestBasicAuthentication defines basic authentication properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic - credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on - the server side only. Changes will be only reflected in - ControlCenter (C3). This configuration is ignored on the - client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on - the server side only. This configuration is ignored on - the client side configuration - items: - type: string - type: array secretRef: description: Name of the secret reference maxLength: 30 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string + required: + - secretRef type: object bearer: - description: BearerAuthentication used by MDS clients + description: KafkaRestBearerAuthentication defines bearer authentication, + used by MDS clients when RBAC enabled properties: - directoryPathInContainer: - minLength: 1 - type: string secretRef: description: Name of the secret reference maxLength: 30 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string + required: + - secretRef type: object type: enum: 
@@ -200,48 +181,29 @@ spec: API properties: basic: - description: BasicAuthentication defines basic authentication + description: KafkaRestBasicAuthentication defines basic authentication properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic - credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on - the server side only. Changes will be only reflected in - ControlCenter (C3). This configuration is ignored on the - client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on - the server side only. This configuration is ignored on - the client side configuration - items: - type: string - type: array secretRef: description: Name of the secret reference maxLength: 30 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string + required: + - secretRef type: object bearer: - description: BearerAuthentication used by MDS clients + description: KafkaRestBearerAuthentication defines bearer authentication, + used by MDS clients when RBAC enabled properties: - directoryPathInContainer: - minLength: 1 - type: string secretRef: description: Name of the secret reference maxLength: 30 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string + required: + - secretRef type: object type: enum: diff --git a/kustomize/crds/crds/platform.confluent.io_kafkas.yaml b/kustomize/crds/crds/platform.confluent.io_kafkas.yaml index 3d61f2d..44f4cce 100644 --- a/kustomize/crds/crds/platform.confluent.io_kafkas.yaml +++ b/kustomize/crds/crds/platform.confluent.io_kafkas.yaml 
@@ -403,6 +403,109 @@ spec: - kafka - tokenKeyPair type: object + schemaRegistry: + description: SchemaRegistryClientDependency allows configuring CP + component dependency to configure schemaRegistry settings + properties: + authentication: + description: Authentication defines the authentication for the + schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object zookeeper: description: KafkaZookeeperDependencies properties: @@ -538,6 +641,14 @@ spec: description: Init defines init-container name pattern: .+:.+ type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string pullSecretRef: description: 'ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that 
@@ -656,291 +767,6 @@ spec: description: KafkaExternalAccess allows to configure external access for Kafka cluster properties: - ingress: - description: Ingress allows to create a ingress service - Not implemented yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations - for the kubernetes service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the - user wishes to exist. - properties: - backend: - description: A default backend capable of servicing - requests that don't match any rule. At least - one of 'backend' or 'rules' must be specified. - This field is optional to allow the loadbalancer - controller or defaulting logic to specify a - global default. - properties: - resource: - description: Resource is an ObjectRef to another - Kubernetes resource in the namespace of - the Ingress object. If resource is specified, - serviceName and servicePort must not be - specified. - properties: - apiGroup: - description: APIGroup is the group for - the resource being referenced. If APIGroup - is not specified, the specified Kind - must be in the core API group. For any - other third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced - service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced - service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the - IngressClass cluster resource. The associated - IngressClass defines which controller will implement - the resource. 
This replaces the deprecated `kubernetes.io/ingress.class` - annotation. For backwards compatibility, when - that annotation is set, it must be given precedence - over this field. The controller may emit a warning - if the field and annotation have different values. - Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource - may be marked as default, which can be used - to set a default value for this field. For more - information, refer to the IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure - the Ingress. If unspecified, or no rule matches, - all traffic is sent to the default backend. - items: - description: IngressRule represents the rules - mapping the paths under a specified host to - the related backend services. Incoming requests - are first evaluated for a host match, then - routed to the backend associated with the - matching IngressRuleValue. - properties: - host: - description: "Host is the fully qualified - domain name of a network host, as defined - by RFC 3986. Note the following deviations - from the \"host\" part of the URI as defined - in RFC 3986: 1. IPs are not allowed. Currently - an IngressRuleValue can only apply to - \ the IP in the Spec of the parent Ingress. - 2. The `:` delimiter is not respected - because ports are not allowed. \t Currently - the port of an Ingress is implicitly :80 - for http and \t :443 for https. Both - these may change in the future. Incoming - requests are matched against the host - before the IngressRuleValue. If the host - is unspecified, the Ingress routes all - traffic based on the specified IngressRuleValue. - \n Host can be \"precise\" which is a - domain name without the terminating dot - of a network host (e.g. \"foo.bar.com\") - or \"wildcard\", which is a domain name - prefixed with a single wildcard label - (e.g. \"*.foo.com\"). 
The wildcard character - '*' must appear by itself as the first - DNS label and matches only a single label. - You cannot have a wildcard label by itself - (e.g. Host == \"*\"). Requests will be - matched against the Host field in the - following way: 1. If Host is precise, - the request matches this rule if the http - host header is equal to Host. 2. If Host - is a wildcard, then the request matches - this rule if the http host header is to - equal to the suffix (removing the first - label) of the wildcard rule." - type: string - http: - description: 'HTTPIngressRuleValue is a - list of http selectors pointing to backends. - In the example: http:///? - -> backend where where parts of the url - correspond to RFC 3986, this resource - will be used to match against everything - after the last ''/'' and before the first - ''?'' or ''#''.' - properties: - paths: - description: A collection of paths that - map requests to backends. - items: - description: HTTPIngressPath associates - a path with a backend. Incoming - urls matching the path are forwarded - to the backend. - properties: - backend: - description: Backend defines the - referenced service endpoint - to which the traffic will be - forwarded to. - properties: - resource: - description: Resource is an - ObjectRef to another Kubernetes - resource in the namespace - of the Ingress object. If - resource is specified, serviceName - and servicePort must not - be specified. - properties: - apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not specified, - the specified Kind must - be in the core API group. - For any other third-party - types, APIGroup is required. 
- type: string - kind: - description: Kind is the - type of resource being - referenced - type: string - name: - description: Name is the - name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the - name of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the - port of the referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against - the path of an incoming request. - Currently it can contain characters - disallowed from the conventional - "path" part of a URL as defined - by RFC 3986. Paths must begin - with a '/'. When unspecified, - all paths from incoming requests - are matched. - type: string - pathType: - description: 'PathType determines - the interpretation of the Path - matching. PathType can be one - of the following values: * Exact: - Matches the URL path exactly. - * Prefix: Matches based on a - URL path prefix split by ''/''. - Matching is done on a path - element by element basis. A - path element refers is the list - of labels in the path split - by the ''/'' separator. A request - is a match for path p if every - p is an element-wise prefix - of p of the request path. - Note that if the last element - of the path is a substring of - the last element in request - path, it is not a match (e.g. - /foo/bar matches /foo/bar/baz, - but does not match /foo/barbaz). - * ImplementationSpecific: Interpretation - of the Path matching is up to the - IngressClass. Implementations - can treat this as a separate - PathType or treat it identically - to Prefix or Exact path types. - Implementations are required - to support all path types. Defaults - to ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. 
Currently the - Ingress only supports a single TLS port, 443. - If multiple members of this list specify different - hosts, they will be multiplexed on the same - port according to the hostname specified through - the SNI TLS extension, if the ingress controller - fulfilling the ingress supports SNI. - items: - description: IngressTLS describes the transport - layer security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included - in the TLS certificate. The values in - this list must match the name/s used in - the tlsSecret. Defaults to the wildcard - host setting for the loadbalancer controller - fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the - secret used to terminate TLS traffic on - port 443. Field is left optional to allow - TLS routing based on SNI hostname alone. - If the SNI host in a listener conflicts - with the "Host" header field used by an - IngressRule, the SNI host is used for - termination and value of the Host header - is used for routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object loadBalancer: description: LoadBalancer allows to create a kubernetes load balancer service @@ -1085,7 +911,8 @@ spec: type: integer servicePorts: description: ServicePorts allows to specify user-provided - service port(s) + service port(s) For Kafka with nodePort type, it + will only apply to kafka bootstrap service items: description: ServicePort contains information on service's port. 
@@ -1383,284 +1210,6 @@ spec: description: KafkaExternalAccess allows to configure external access for Kafka cluster properties: - ingress: - description: Ingress allows to create a ingress service - Not implemented yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user - wishes to exist. - properties: - backend: - description: A default backend capable of servicing - requests that don't match any rule. At least one - of 'backend' or 'rules' must be specified. This - field is optional to allow the loadbalancer controller - or defaulting logic to specify a global default. - properties: - resource: - description: Resource is an ObjectRef to another - Kubernetes resource in the namespace of the - Ingress object. If resource is specified, - serviceName and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the - resource being referenced. If APIGroup - is not specified, the specified Kind must - be in the core API group. For any other - third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced - service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced - service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the - IngressClass cluster resource. The associated - IngressClass defines which controller will implement - the resource. 
This replaces the deprecated `kubernetes.io/ingress.class` - annotation. For backwards compatibility, when - that annotation is set, it must be given precedence - over this field. The controller may emit a warning - if the field and annotation have different values. - Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource - may be marked as default, which can be used to - set a default value for this field. For more information, - refer to the IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure - the Ingress. If unspecified, or no rule matches, - all traffic is sent to the default backend. - items: - description: IngressRule represents the rules - mapping the paths under a specified host to - the related backend services. Incoming requests - are first evaluated for a host match, then routed - to the backend associated with the matching - IngressRuleValue. - properties: - host: - description: "Host is the fully qualified - domain name of a network host, as defined - by RFC 3986. Note the following deviations - from the \"host\" part of the URI as defined - in RFC 3986: 1. IPs are not allowed. Currently - an IngressRuleValue can only apply to the - IP in the Spec of the parent Ingress. 2. - The `:` delimiter is not respected because - ports are not allowed. \t Currently the - port of an Ingress is implicitly :80 for - http and \t :443 for https. Both these - may change in the future. Incoming requests - are matched against the host before the - IngressRuleValue. If the host is unspecified, - the Ingress routes all traffic based on - the specified IngressRuleValue. \n Host - can be \"precise\" which is a domain name - without the terminating dot of a network - host (e.g. \"foo.bar.com\") or \"wildcard\", - which is a domain name prefixed with a single - wildcard label (e.g. \"*.foo.com\"). 
The - wildcard character '*' must appear by itself - as the first DNS label and matches only - a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests - will be matched against the Host field in - the following way: 1. If Host is precise, - the request matches this rule if the http - host header is equal to Host. 2. If Host - is a wildcard, then the request matches - this rule if the http host header is to - equal to the suffix (removing the first - label) of the wildcard rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list - of http selectors pointing to backends. - In the example: http:///? - -> backend where where parts of the url - correspond to RFC 3986, this resource will - be used to match against everything after - the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that - map requests to backends. - items: - description: HTTPIngressPath associates - a path with a backend. Incoming urls - matching the path are forwarded to - the backend. - properties: - backend: - description: Backend defines the - referenced service endpoint to - which the traffic will be forwarded - to. - properties: - resource: - description: Resource is an - ObjectRef to another Kubernetes - resource in the namespace - of the Ingress object. If - resource is specified, serviceName - and servicePort must not be - specified. - properties: - apiGroup: - description: APIGroup is - the group for the resource - being referenced. If APIGroup - is not specified, the - specified Kind must be - in the core API group. - For any other third-party - types, APIGroup is required. 
- type: string - kind: - description: Kind is the - type of resource being - referenced - type: string - name: - description: Name is the - name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name - of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port - of the referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against - the path of an incoming request. - Currently it can contain characters - disallowed from the conventional - "path" part of a URL as defined - by RFC 3986. Paths must begin - with a '/'. When unspecified, - all paths from incoming requests - are matched. - type: string - pathType: - description: 'PathType determines - the interpretation of the Path - matching. PathType can be one - of the following values: * Exact: - Matches the URL path exactly. - * Prefix: Matches based on a URL - path prefix split by ''/''. Matching - is done on a path element by - element basis. A path element - refers is the list of labels - in the path split by the ''/'' - separator. A request is a match - for path p if every p is an element-wise - prefix of p of the request path. - Note that if the last element - of the path is a substring of - the last element in request path, - it is not a match (e.g. /foo/bar matches - /foo/bar/baz, but does not match - /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching - is up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix - or Exact path types. Implementations - are required to support all path - types. Defaults to ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. 
Currently the Ingress - only supports a single TLS port, 443. If multiple - members of this list specify different hosts, - they will be multiplexed on the same port according - to the hostname specified through the SNI TLS - extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport - layer security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included - in the TLS certificate. The values in this - list must match the name/s used in the tlsSecret. - Defaults to the wildcard host setting for - the loadbalancer controller fulfilling this - Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the - secret used to terminate TLS traffic on - port 443. Field is left optional to allow - TLS routing based on SNI hostname alone. - If the SNI host in a listener conflicts - with the "Host" header field used by an - IngressRule, the SNI host is used for termination - and value of the Host header is used for - routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object loadBalancer: description: LoadBalancer allows to create a kubernetes load balancer service @@ -1801,7 +1350,8 @@ spec: type: integer servicePorts: description: ServicePorts allows to specify user-provided - service port(s) + service port(s) For Kafka with nodePort type, it will + only apply to kafka bootstrap service items: description: ServicePort contains information on service's port. 
@@ -3391,6 +2941,106 @@ spec: type: string type: object type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array type: object rackAssignment: description: RackAssignment defines the rack awareness capability for 
@@ -3422,288 +3072,55 @@ spec: kafkaRest: description: RestApiServer embedded rest api server properties: - externalAccess: - description: CPExternalAccess holds all external access policies - for non-kafka components + authentication: + description: RestServerAuthentication server authentication + support to the CP Component properties: - ingress: - description: Ingress allows to create a ingress service - Not implemented yet! + basic: + description: Basic defines basic authentication properties: - annotations: - additionalProperties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: type: string - description: Annotations allows to add annotations for - the kubernetes service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user - wishes to exist. - properties: - backend: - description: A default backend capable of servicing - requests that don't match any rule. At least one - of 'backend' or 'rules' must be specified. This - field is optional to allow the loadbalancer controller - or defaulting logic to specify a global default. - properties: - resource: - description: Resource is an ObjectRef to another - Kubernetes resource in the namespace of the - Ingress object. If resource is specified, - serviceName and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the - resource being referenced. If APIGroup - is not specified, the specified Kind must - be in the core API group. For any other - third-party types, APIGroup is required. 
- type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced - service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced - service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the - IngressClass cluster resource. The associated - IngressClass defines which controller will implement - the resource. This replaces the deprecated `kubernetes.io/ingress.class` - annotation. For backwards compatibility, when - that annotation is set, it must be given precedence - over this field. The controller may emit a warning - if the field and annotation have different values. - Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource - may be marked as default, which can be used to - set a default value for this field. For more information, - refer to the IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure - the Ingress. If unspecified, or no rule matches, - all traffic is sent to the default backend. - items: - description: IngressRule represents the rules - mapping the paths under a specified host to - the related backend services. Incoming requests - are first evaluated for a host match, then routed - to the backend associated with the matching - IngressRuleValue. - properties: - host: - description: "Host is the fully qualified - domain name of a network host, as defined - by RFC 3986. Note the following deviations - from the \"host\" part of the URI as defined - in RFC 3986: 1. IPs are not allowed. Currently - an IngressRuleValue can only apply to the - IP in the Spec of the parent Ingress. 2. 
- The `:` delimiter is not respected because - ports are not allowed. \t Currently the - port of an Ingress is implicitly :80 for - http and \t :443 for https. Both these - may change in the future. Incoming requests - are matched against the host before the - IngressRuleValue. If the host is unspecified, - the Ingress routes all traffic based on - the specified IngressRuleValue. \n Host - can be \"precise\" which is a domain name - without the terminating dot of a network - host (e.g. \"foo.bar.com\") or \"wildcard\", - which is a domain name prefixed with a single - wildcard label (e.g. \"*.foo.com\"). The - wildcard character '*' must appear by itself - as the first DNS label and matches only - a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests - will be matched against the Host field in - the following way: 1. If Host is precise, - the request matches this rule if the http - host header is equal to Host. 2. If Host - is a wildcard, then the request matches - this rule if the http host header is to - equal to the suffix (removing the first - label) of the wildcard rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list - of http selectors pointing to backends. - In the example: http:///? - -> backend where where parts of the url - correspond to RFC 3986, this resource will - be used to match against everything after - the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that - map requests to backends. - items: - description: HTTPIngressPath associates - a path with a backend. Incoming urls - matching the path are forwarded to - the backend. - properties: - backend: - description: Backend defines the - referenced service endpoint to - which the traffic will be forwarded - to. - properties: - resource: - description: Resource is an - ObjectRef to another Kubernetes - resource in the namespace - of the Ingress object. 
If - resource is specified, serviceName - and servicePort must not be - specified. - properties: - apiGroup: - description: APIGroup is - the group for the resource - being referenced. If APIGroup - is not specified, the - specified Kind must be - in the core API group. - For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the - type of resource being - referenced - type: string - name: - description: Name is the - name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name - of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port - of the referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against - the path of an incoming request. - Currently it can contain characters - disallowed from the conventional - "path" part of a URL as defined - by RFC 3986. Paths must begin - with a '/'. When unspecified, - all paths from incoming requests - are matched. - type: string - pathType: - description: 'PathType determines - the interpretation of the Path - matching. PathType can be one - of the following values: * Exact: - Matches the URL path exactly. - * Prefix: Matches based on a URL - path prefix split by ''/''. Matching - is done on a path element by - element basis. A path element - refers is the list of labels - in the path split by the ''/'' - separator. A request is a match - for path p if every p is an element-wise - prefix of p of the request path. - Note that if the last element - of the path is a substring of - the last element in request path, - it is not a match (e.g. /foo/bar matches - /foo/bar/baz, but does not match - /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching - is up to the IngressClass. 
Implementations - can treat this as a separate PathType or - treat it identically to Prefix - or Exact path types. Implementations - are required to support all path - types. Defaults to ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the Ingress - only supports a single TLS port, 443. If multiple - members of this list specify different hosts, - they will be multiplexed on the same port according - to the hostname specified through the SNI TLS - extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport - layer security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included - in the TLS certificate. The values in this - list must match the name/s used in the tlsSecret. - Defaults to the wildcard host setting for - the loadbalancer controller fulfilling this - Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the - secret used to terminate TLS traffic on - port 443. Field is left optional to allow - TLS routing based on SNI hostname alone. - If the SNI host in a listener conflicts - with the "Host" header field used by an - IngressRule, the SNI host is used for termination - and value of the Host header is used for - routing. - type: string - type: object - type: array - type: object - required: - - spec + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. 
This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string type: object + type: + description: Type defines supported authentication scheme + for Rest Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + externalAccess: + description: CPExternalAccess holds all external access policies + for non-kafka components + properties: loadBalancer: description: LoadBalancer allows to create a kubernetes load balancer service @@ -3844,7 +3261,8 @@ spec: type: integer servicePorts: description: ServicePorts allows to specify user-provided - service port(s) + service port(s) For Kafka with nodePort type, it will + only apply to kafka bootstrap service items: description: ServicePort contains information on service's port. 
@@ -4019,284 +3437,6 @@ spec: description: CPExternalAccess holds all external access policies for non-kafka components properties: - ingress: - description: Ingress allows to create a ingress service - Not implemented yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user - wishes to exist. - properties: - backend: - description: A default backend capable of servicing - requests that don't match any rule. At least one - of 'backend' or 'rules' must be specified. This - field is optional to allow the loadbalancer controller - or defaulting logic to specify a global default. - properties: - resource: - description: Resource is an ObjectRef to another - Kubernetes resource in the namespace of the - Ingress object. If resource is specified, - serviceName and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the - resource being referenced. If APIGroup - is not specified, the specified Kind must - be in the core API group. For any other - third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced - service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced - service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the - IngressClass cluster resource. The associated - IngressClass defines which controller will implement - the resource. 
This replaces the deprecated `kubernetes.io/ingress.class` - annotation. For backwards compatibility, when - that annotation is set, it must be given precedence - over this field. The controller may emit a warning - if the field and annotation have different values. - Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource - may be marked as default, which can be used to - set a default value for this field. For more information, - refer to the IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure - the Ingress. If unspecified, or no rule matches, - all traffic is sent to the default backend. - items: - description: IngressRule represents the rules - mapping the paths under a specified host to - the related backend services. Incoming requests - are first evaluated for a host match, then routed - to the backend associated with the matching - IngressRuleValue. - properties: - host: - description: "Host is the fully qualified - domain name of a network host, as defined - by RFC 3986. Note the following deviations - from the \"host\" part of the URI as defined - in RFC 3986: 1. IPs are not allowed. Currently - an IngressRuleValue can only apply to the - IP in the Spec of the parent Ingress. 2. - The `:` delimiter is not respected because - ports are not allowed. \t Currently the - port of an Ingress is implicitly :80 for - http and \t :443 for https. Both these - may change in the future. Incoming requests - are matched against the host before the - IngressRuleValue. If the host is unspecified, - the Ingress routes all traffic based on - the specified IngressRuleValue. \n Host - can be \"precise\" which is a domain name - without the terminating dot of a network - host (e.g. \"foo.bar.com\") or \"wildcard\", - which is a domain name prefixed with a single - wildcard label (e.g. \"*.foo.com\"). 
The - wildcard character '*' must appear by itself - as the first DNS label and matches only - a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests - will be matched against the Host field in - the following way: 1. If Host is precise, - the request matches this rule if the http - host header is equal to Host. 2. If Host - is a wildcard, then the request matches - this rule if the http host header is to - equal to the suffix (removing the first - label) of the wildcard rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list - of http selectors pointing to backends. - In the example: http:///? - -> backend where where parts of the url - correspond to RFC 3986, this resource will - be used to match against everything after - the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that - map requests to backends. - items: - description: HTTPIngressPath associates - a path with a backend. Incoming urls - matching the path are forwarded to - the backend. - properties: - backend: - description: Backend defines the - referenced service endpoint to - which the traffic will be forwarded - to. - properties: - resource: - description: Resource is an - ObjectRef to another Kubernetes - resource in the namespace - of the Ingress object. If - resource is specified, serviceName - and servicePort must not be - specified. - properties: - apiGroup: - description: APIGroup is - the group for the resource - being referenced. If APIGroup - is not specified, the - specified Kind must be - in the core API group. - For any other third-party - types, APIGroup is required. 
- type: string - kind: - description: Kind is the - type of resource being - referenced - type: string - name: - description: Name is the - name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name - of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port - of the referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against - the path of an incoming request. - Currently it can contain characters - disallowed from the conventional - "path" part of a URL as defined - by RFC 3986. Paths must begin - with a '/'. When unspecified, - all paths from incoming requests - are matched. - type: string - pathType: - description: 'PathType determines - the interpretation of the Path - matching. PathType can be one - of the following values: * Exact: - Matches the URL path exactly. - * Prefix: Matches based on a URL - path prefix split by ''/''. Matching - is done on a path element by - element basis. A path element - refers is the list of labels - in the path split by the ''/'' - separator. A request is a match - for path p if every p is an element-wise - prefix of p of the request path. - Note that if the last element - of the path is a substring of - the last element in request path, - it is not a match (e.g. /foo/bar matches - /foo/bar/baz, but does not match - /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching - is up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix - or Exact path types. Implementations - are required to support all path - types. Defaults to ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. 
Currently the Ingress - only supports a single TLS port, 443. If multiple - members of this list specify different hosts, - they will be multiplexed on the same port according - to the hostname specified through the SNI TLS - extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport - layer security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included - in the TLS certificate. The values in this - list must match the name/s used in the tlsSecret. - Defaults to the wildcard host setting for - the loadbalancer controller fulfilling this - Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the - secret used to terminate TLS traffic on - port 443. Field is left optional to allow - TLS routing based on SNI hostname alone. - If the SNI host in a listener conflicts - with the "Host" header field used by an - IngressRule, the SNI host is used for termination - and value of the Host header is used for - routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object loadBalancer: description: LoadBalancer allows to create a kubernetes load balancer service @@ -4437,7 +3577,8 @@ spec: type: integer servicePorts: description: ServicePorts allows to specify user-provided - service port(s) + service port(s) For Kafka with nodePort type, it will + only apply to kafka bootstrap service items: description: ServicePort contains information on service's port. @@ -4903,6 +4044,10 @@ spec: type: string client: type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string externalEndpoint: description: ExternalEndpoint defines the external endpoint to connect to the service 
@@ -4951,6 +4096,10 @@ spec: description: AuthenticationType defines authentication type configured by a listener type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string externalEndpoint: description: ExternalEndpoint defines the external endpoint to connect to the service diff --git a/kustomize/crds/crds/platform.confluent.io_kafkatopics.yaml b/kustomize/crds/crds/platform.confluent.io_kafkatopics.yaml index 47ce7b4..bd6ba8c 100644 --- a/kustomize/crds/crds/platform.confluent.io_kafkatopics.yaml +++ b/kustomize/crds/crds/platform.confluent.io_kafkatopics.yaml 
@@ -91,48 +91,29 @@ spec: API properties: basic: - description: BasicAuthentication defines basic authentication + description: KafkaRestBasicAuthentication defines basic authentication properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic - credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on - the server side only. Changes will be only reflected in - ControlCenter (C3). This configuration is ignored on the - client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on - the server side only. This configuration is ignored on - the client side configuration - items: - type: string - type: array secretRef: description: Name of the secret reference maxLength: 30 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string + required: + - secretRef type: object bearer: - description: BearerAuthentication used by MDS clients + description: KafkaRestBearerAuthentication defines bearer authentication, + used by MDS clients when RBAC enabled properties: - directoryPathInContainer: - minLength: 1 - type: string secretRef: description: Name of the secret reference maxLength: 30 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string + required: + - secretRef type: object type: enum: diff --git a/kustomize/crds/crds/platform.confluent.io_ksqldbs.yaml b/kustomize/crds/crds/platform.confluent.io_ksqldbs.yaml index 4c773c8..8a16e2a 100644 --- a/kustomize/crds/crds/platform.confluent.io_ksqldbs.yaml +++ b/kustomize/crds/crds/platform.confluent.io_ksqldbs.yaml 
@@ -770,256 +770,6 @@ spec: description: Provides configuring endpoints and services to make ksqlDB accessible from outside the cluster properties: - ingress: - description: Ingress allows to create a ingress service Not implemented - yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user wishes - to exist. - properties: - backend: - description: A default backend capable of servicing requests - that don't match any rule. At least one of 'backend' or - 'rules' must be specified. This field is optional to allow - the loadbalancer controller or defaulting logic to specify - a global default. - properties: - resource: - description: Resource is an ObjectRef to another Kubernetes - resource in the namespace of the Ingress object. If - resource is specified, serviceName and servicePort - must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the IngressClass - cluster resource. The associated IngressClass defines - which controller will implement the resource. 
This replaces - the deprecated `kubernetes.io/ingress.class` annotation. - For backwards compatibility, when that annotation is set, - it must be given precedence over this field. The controller - may emit a warning if the field and annotation have different - values. Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource may - be marked as default, which can be used to set a default - value for this field. For more information, refer to the - IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure the - Ingress. If unspecified, or no rule matches, all traffic - is sent to the default backend. - items: - description: IngressRule represents the rules mapping - the paths under a specified host to the related backend - services. Incoming requests are first evaluated for - a host match, then routed to the backend associated - with the matching IngressRuleValue. - properties: - host: - description: "Host is the fully qualified domain name - of a network host, as defined by RFC 3986. Note - the following deviations from the \"host\" part - of the URI as defined in RFC 3986: 1. IPs are not - allowed. Currently an IngressRuleValue can only - apply to the IP in the Spec of the parent Ingress. - 2. The `:` delimiter is not respected because ports - are not allowed. \t Currently the port of an Ingress - is implicitly :80 for http and \t :443 for https. - Both these may change in the future. Incoming requests - are matched against the host before the IngressRuleValue. - If the host is unspecified, the Ingress routes all - traffic based on the specified IngressRuleValue. - \n Host can be \"precise\" which is a domain name - without the terminating dot of a network host (e.g. - \"foo.bar.com\") or \"wildcard\", which is a domain - name prefixed with a single wildcard label (e.g. - \"*.foo.com\"). 
The wildcard character '*' must - appear by itself as the first DNS label and matches - only a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests will - be matched against the Host field in the following - way: 1. If Host is precise, the request matches - this rule if the http host header is equal to Host. - 2. If Host is a wildcard, then the request matches - this rule if the http host header is to equal to - the suffix (removing the first label) of the wildcard - rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list of http - selectors pointing to backends. In the example: - http:///? -> backend where - where parts of the url correspond to RFC 3986, this - resource will be used to match against everything - after the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that map requests - to backends. - items: - description: HTTPIngressPath associates a path - with a backend. Incoming urls matching the - path are forwarded to the backend. - properties: - backend: - description: Backend defines the referenced - service endpoint to which the traffic - will be forwarded to. - properties: - resource: - description: Resource is an ObjectRef - to another Kubernetes resource in - the namespace of the Ingress object. - If resource is specified, serviceName - and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any other - third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the - referenced service. 
- type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the - referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against the - path of an incoming request. Currently - it can contain characters disallowed from - the conventional "path" part of a URL - as defined by RFC 3986. Paths must begin - with a '/'. When unspecified, all paths - from incoming requests are matched. - type: string - pathType: - description: 'PathType determines the interpretation - of the Path matching. PathType can be - one of the following values: * Exact: - Matches the URL path exactly. * Prefix: - Matches based on a URL path prefix split - by ''/''. Matching is done on a path - element by element basis. A path element - refers is the list of labels in the - path split by the ''/'' separator. A request - is a match for path p if every p is - an element-wise prefix of p of the request - path. Note that if the last element of - the path is a substring of the last - element in request path, it is not a match - (e.g. /foo/bar matches /foo/bar/baz, - but does not match /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching is - up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix or Exact - path types. Implementations are required - to support all path types. Defaults to - ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the Ingress only - supports a single TLS port, 443. If multiple members of - this list specify different hosts, they will be multiplexed - on the same port according to the hostname specified through - the SNI TLS extension, if the ingress controller fulfilling - the ingress supports SNI. 
- items: - description: IngressTLS describes the transport layer - security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included in - the TLS certificate. The values in this list must - match the name/s used in the tlsSecret. Defaults - to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret - used to terminate TLS traffic on port 443. Field - is left optional to allow TLS routing based on SNI - hostname alone. If the SNI host in a listener conflicts - with the "Host" header field used by an IngressRule, - the SNI host is used for termination and value of - the Host header is used for routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object loadBalancer: description: LoadBalancer allows to create a kubernetes load balancer service @@ -1153,7 +903,8 @@ spec: type: integer servicePorts: description: ServicePorts allows to specify user-provided service - port(s) + port(s) For Kafka with nodePort type, it will only apply to + kafka bootstrap service items: description: ServicePort contains information on service's port. @@ -1269,6 +1020,14 @@ spec: description: Init defines init-container name pattern: .+:.+ type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string pullSecretRef: description: 'ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that 
@@ -2499,6 +2258,106 @@ spec: type: string type: object type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array type: object replicas: description: Replicas is the desired number of replicas of the given @@ -2690,6 +2549,10 @@ spec: description: AuthenticationType defines authentication type configured by a listener type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string externalEndpoint: description: ExternalEndpoint defines the external endpoint to connect to the service diff --git a/kustomize/crds/crds/platform.confluent.io_schemaregistries.yaml b/kustomize/crds/crds/platform.confluent.io_schemaregistries.yaml index 988d12e..f0822c2 100644 --- a/kustomize/crds/crds/platform.confluent.io_schemaregistries.yaml +++ b/kustomize/crds/crds/platform.confluent.io_schemaregistries.yaml 
@@ -384,256 +384,6 @@ spec: externalAccess: description: ExternalAccess defines the external access configuration properties: - ingress: - description: Ingress allows to create a ingress service Not implemented - yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user wishes - to exist. - properties: - backend: - description: A default backend capable of servicing requests - that don't match any rule. At least one of 'backend' or - 'rules' must be specified. This field is optional to allow - the loadbalancer controller or defaulting logic to specify - a global default. - properties: - resource: - description: Resource is an ObjectRef to another Kubernetes - resource in the namespace of the Ingress object. If - resource is specified, serviceName and servicePort - must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the IngressClass - cluster resource. The associated IngressClass defines - which controller will implement the resource. This replaces - the deprecated `kubernetes.io/ingress.class` annotation. 
- For backwards compatibility, when that annotation is set, - it must be given precedence over this field. The controller - may emit a warning if the field and annotation have different - values. Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource may - be marked as default, which can be used to set a default - value for this field. For more information, refer to the - IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure the - Ingress. If unspecified, or no rule matches, all traffic - is sent to the default backend. - items: - description: IngressRule represents the rules mapping - the paths under a specified host to the related backend - services. Incoming requests are first evaluated for - a host match, then routed to the backend associated - with the matching IngressRuleValue. - properties: - host: - description: "Host is the fully qualified domain name - of a network host, as defined by RFC 3986. Note - the following deviations from the \"host\" part - of the URI as defined in RFC 3986: 1. IPs are not - allowed. Currently an IngressRuleValue can only - apply to the IP in the Spec of the parent Ingress. - 2. The `:` delimiter is not respected because ports - are not allowed. \t Currently the port of an Ingress - is implicitly :80 for http and \t :443 for https. - Both these may change in the future. Incoming requests - are matched against the host before the IngressRuleValue. - If the host is unspecified, the Ingress routes all - traffic based on the specified IngressRuleValue. - \n Host can be \"precise\" which is a domain name - without the terminating dot of a network host (e.g. - \"foo.bar.com\") or \"wildcard\", which is a domain - name prefixed with a single wildcard label (e.g. - \"*.foo.com\"). The wildcard character '*' must - appear by itself as the first DNS label and matches - only a single label. 
You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests will - be matched against the Host field in the following - way: 1. If Host is precise, the request matches - this rule if the http host header is equal to Host. - 2. If Host is a wildcard, then the request matches - this rule if the http host header is to equal to - the suffix (removing the first label) of the wildcard - rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list of http - selectors pointing to backends. In the example: - http:///? -> backend where - where parts of the url correspond to RFC 3986, this - resource will be used to match against everything - after the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that map requests - to backends. - items: - description: HTTPIngressPath associates a path - with a backend. Incoming urls matching the - path are forwarded to the backend. - properties: - backend: - description: Backend defines the referenced - service endpoint to which the traffic - will be forwarded to. - properties: - resource: - description: Resource is an ObjectRef - to another Kubernetes resource in - the namespace of the Ingress object. - If resource is specified, serviceName - and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any other - third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the - referenced service. 
- type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the - referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against the - path of an incoming request. Currently - it can contain characters disallowed from - the conventional "path" part of a URL - as defined by RFC 3986. Paths must begin - with a '/'. When unspecified, all paths - from incoming requests are matched. - type: string - pathType: - description: 'PathType determines the interpretation - of the Path matching. PathType can be - one of the following values: * Exact: - Matches the URL path exactly. * Prefix: - Matches based on a URL path prefix split - by ''/''. Matching is done on a path - element by element basis. A path element - refers is the list of labels in the - path split by the ''/'' separator. A request - is a match for path p if every p is - an element-wise prefix of p of the request - path. Note that if the last element of - the path is a substring of the last - element in request path, it is not a match - (e.g. /foo/bar matches /foo/bar/baz, - but does not match /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching is - up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix or Exact - path types. Implementations are required - to support all path types. Defaults to - ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the Ingress only - supports a single TLS port, 443. If multiple members of - this list specify different hosts, they will be multiplexed - on the same port according to the hostname specified through - the SNI TLS extension, if the ingress controller fulfilling - the ingress supports SNI. 
- items: - description: IngressTLS describes the transport layer - security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included in - the TLS certificate. The values in this list must - match the name/s used in the tlsSecret. Defaults - to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret - used to terminate TLS traffic on port 443. Field - is left optional to allow TLS routing based on SNI - hostname alone. If the SNI host in a listener conflicts - with the "Host" header field used by an IngressRule, - the SNI host is used for termination and value of - the Host header is used for routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object loadBalancer: description: LoadBalancer allows to create a kubernetes load balancer service @@ -767,7 +517,8 @@ spec: type: integer servicePorts: description: ServicePorts allows to specify user-provided service - port(s) + port(s) For Kafka with nodePort type, it will only apply to + kafka bootstrap service items: description: ServicePort contains information on service's port. @@ -883,6 +634,14 @@ spec: description: Init defines init-container name pattern: .+:.+ type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string pullSecretRef: description: 'ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that 
@@ -2113,23 +1872,112 @@ spec: type: string type: object type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array type: object replicas: description: Replicas is the desired number of replicas of the given Template. Change will roll the cluster format: int32 type: integer - storageClass: - description: Storage defines - properties: - name: - description: Name defines name is the storage class reference name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object telemetry: description: ConfluentTelemetry defines the confluent telemetry reporter configuration @@ -2306,6 +2154,10 @@ spec: description: AuthenticationType defines authentication type configured by a listener type: string + externalAccessType: + description: ExternalAccessType is the external access type used + for the listener + type: string externalEndpoint: description: ExternalEndpoint defines the external endpoint to connect to the service diff --git a/kustomize/crds/crds/platform.confluent.io_zookeepers.yaml b/kustomize/crds/crds/platform.confluent.io_zookeepers.yaml index 36a4461..19b661d 100644 --- a/kustomize/crds/crds/platform.confluent.io_zookeepers.yaml +++ b/kustomize/crds/crds/platform.confluent.io_zookeepers.yaml @@ -157,6 +157,14 @@ spec: description: Init defines init-container name pattern: .+:.+ type: string + pullPolicy: + description: ImagePullPolicy, One of Always, Never, IfNotPresent. + Defaults to IfNotPresent. + enum: + - Always + - Never + - IfNotPresent + type: string pullSecretRef: description: 'ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that 
@@ -1390,6 +1398,106 @@ spec: type: string type: object type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. It''s the maximum permitted difference + between the number of matching pods in any two topology + domains of a given topology type. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 1/1/1; scheduling it onto zone1(zone2) would + make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. It''s a required field. Default value is 1 and 0 is + not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it - ScheduleAnyway + tells the scheduler to still schedule it It''s considered + as "Unsatisfiable" if and only if placing incoming pod on + any topology violates "MaxSkew". For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod + can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' 
+ type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array type: object replicas: description: Replicas is the desired number of replicas of the given @@ -1520,6 +1628,10 @@ spec: items: type: string type: array + myIdOffset: + description: MyIdOffset myid offset configuration + format: int32 + type: integer operatorVersion: description: OperatorVersion defines the internal version of operator type: string diff --git a/kustomize/helm/update_helm.sh b/kustomize/helm/update_helm.sh index 85f625c..14f8894 100755 --- a/kustomize/helm/update_helm.sh +++ b/kustomize/helm/update_helm.sh @@ -1,6 +1,7 @@ #!/bin/bash +export CHART_VERSION=0.174.25 #export CHART_VERSION=0.174.21 -export CHART_VERSION=0.174.13 +#export CHART_VERSION=0.174.13 helm repo add confluentinc https://packages.confluent.io/helm helm search repo confluent --versions helm template confluentinc/confluent-for-kubernetes --version $CHART_VERSION --include-crds --output-dir . From cdd2f2f6d22d397deaa17b45bde05d594807dfc8 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Tue, 12 Oct 2021 12:50:10 +0100 Subject: [PATCH 2/2] fixing upgrade script for cluster roles --- kustomize/base/operator/clusterrole.yaml | 3 +-- kustomize/base/operator/clusterrolebinding.yaml | 5 ++--- kustomize/base/operator/deployment.yaml | 1 - kustomize/helm/update_helm.sh | 2 +- 4 files changed, 4 insertions(+), 7 deletions(-) diff --git a/kustomize/base/operator/clusterrole.yaml b/kustomize/base/operator/clusterrole.yaml index 8b2cae7..d4af828 100644 --- a/kustomize/base/operator/clusterrole.yaml +++ b/kustomize/base/operator/clusterrole.yaml @@ -1,7 +1,7 @@ --- # Source: confluent-for-kubernetes/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: labels: app: confluent-for-kubernetes 
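Review bot: Switching `kind: Role` back to `kind: ClusterRole` here makes the operator's rules apply in every namespace instead of only `default`, and the commit does not say why the wider scope is needed. The same widening is in clusterrolebinding.yaml (`kind: ClusterRoleBinding`, `roleRef` `kind: ClusterRole`) and in deployment.yaml, where `- --namespaces=default` is dropped, so the operator presumably no longer restricts which namespaces it acts on. If it only manages Confluent resources in one namespace, the namespaced Role/RoleBinding is the least-privilege choice; if cluster scope is required, record the reason in the commit description and next to `--set namespaced=false` in update_helm.sh, since these manifests are regenerated by that script. The `rules:` list continues outside this hunk, so the verbs and resources now granted cluster-wide should be read before merging.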
@@ -11,7 +11,6 @@ metadata: app.kubernetes.io/component: "confluent-operator" helm.sh/chart: confluent-for-kubernetes-0.174.25 name: confluent-operator - namespace: default rules: - apiGroups: - cluster.confluent.com diff --git a/kustomize/base/operator/clusterrolebinding.yaml b/kustomize/base/operator/clusterrolebinding.yaml index 19a6b64..6978e88 100644 --- a/kustomize/base/operator/clusterrolebinding.yaml +++ b/kustomize/base/operator/clusterrolebinding.yaml @@ -1,6 +1,6 @@ --- # Source: confluent-for-kubernetes/templates/clusterrolebinding.yaml -kind: RoleBinding +kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: labels: @@ -11,12 +11,11 @@ metadata: app.kubernetes.io/component: "confluent-operator" helm.sh/chart: confluent-for-kubernetes-0.174.25 name: confluent-operator - namespace: default subjects: - kind: ServiceAccount name: confluent-for-kubernetes namespace: default roleRef: - kind: Role + kind: ClusterRole name: confluent-operator apiGroup: rbac.authorization.k8s.io diff --git a/kustomize/base/operator/deployment.yaml b/kustomize/base/operator/deployment.yaml index 9a0937a..1e4e4bf 100644 --- a/kustomize/base/operator/deployment.yaml +++ b/kustomize/base/operator/deployment.yaml @@ -44,7 +44,6 @@ spec: containers: - args: - --debug=false - - --namespaces=default name: confluent-operator image: docker.io/confluentinc/confluent-operator:0.174.25 imagePullPolicy: IfNotPresent diff --git a/kustomize/helm/update_helm.sh b/kustomize/helm/update_helm.sh index 14f8894..555f4a1 100755 --- a/kustomize/helm/update_helm.sh +++ b/kustomize/helm/update_helm.sh 
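Review bot: In the second clusterrolebinding.yaml hunk the subject keeps `namespace: default` while the binding becomes cluster-wide, so the ClusterRole is bound to a service account in a namespace that is commonly shared by unrelated workloads. Any principal allowed to create pods in `default` can run them as `confluent-for-kubernetes` and inherit whatever the ClusterRole grants (its rules are not visible in this diff). Consider running the operator in a dedicated namespace and pointing the subject at it, e.g. `namespace: <operator-namespace>` (placeholder), kept in step with the ServiceAccount and Deployment manifests.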
@@ -4,7 +4,7 @@ export CHART_VERSION=0.174.25
 #export CHART_VERSION=0.174.13
 helm repo add confluentinc https://packages.confluent.io/helm
 helm search repo confluent --versions
-helm template confluentinc/confluent-for-kubernetes --version $CHART_VERSION --include-crds --output-dir .
+helm template confluentinc/confluent-for-kubernetes --version $CHART_VERSION --include-crds --set namespaced=false --output-dir .
 mv confluent-for-kubernetes/crds/* ../crds/crds
 mv confluent-for-kubernetes/templates/* ../base/operator
 rm -R confluent-for-kubernetes
\ No newline at end of file
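Review bot: The changed `helm template` line sits in a script with no error handling and with `$CHART_VERSION` unquoted, so a failed step does not stop the `mv` and `rm -R` lines that follow and the committed manifests can end up out of step with the chart. Add `set -euo pipefail` directly under the shebang (outside this hunk) and write `--version "$CHART_VERSION"`. A comment above this line such as `# namespaced=false renders ClusterRole/ClusterRoleBinding: operator is cluster-scoped` would tell the next person running an upgrade why the flag is there and that it widens RBAC. No provenance check on the downloaded chart is visible in the script, so the rendered diff, especially the RBAC files, should be reviewed before it is committed.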