From 0791a3b8bcb9e33369329f9abf251af0937ae2b3 Mon Sep 17 00:00:00 2001
From: Flux <>
Date: Mon, 17 May 2021 11:56:55 +0100
Subject: [PATCH 01/46] Add Flux v0.13.2 component manifests
---
.../flux-system/gotk-components.yaml | 2831 +++++++++++++++++
1 file changed, 2831 insertions(+)
create mode 100644 clusters/production/flux-system/gotk-components.yaml
diff --git a/clusters/production/flux-system/gotk-components.yaml b/clusters/production/flux-system/gotk-components.yaml
new file mode 100644
index 0000000..376dba2
--- /dev/null
+++ b/clusters/production/flux-system/gotk-components.yaml
@@ -0,0 +1,2831 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: flux-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: alerts.notification.toolkit.fluxcd.io +spec: + group: notification.toolkit.fluxcd.io + names: + kind: Alert + listKind: AlertList + plural: alerts + singular: alert + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Alert is the Schema for the alerts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AlertSpec defines an alerting rule for events involving a list of objects + properties: + eventSeverity: + default: info + description: Filter events based on severity, defaults to ('info'). If set to 'info' no events will be filtered. + enum: + - info + - error + type: string + eventSources: + description: Filter events based on the involved objects. + items: + description: CrossNamespaceObjectReference contains enough information to let you locate the typed referenced object at cluster level + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - Bucket + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + - ImageRepository + - ImagePolicy + - ImageUpdateAutomation + type: string + name: + description: Name of the referent + maxLength: 53 + minLength: 1 + type: string + namespace: + description: Namespace of the referent + maxLength: 53 + minLength: 1 + type: string + required: + - name + type: object + type: array + exclusionList: + description: A list of Golang regular expressions to be used for excluding messages. + items: + type: string + type: array + providerRef: + description: Send events using this provider. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + summary: + description: Short description of the impact and affected cluster. + type: string + suspend: + description: This flag tells the controller to suspend subsequent events dispatching. Defaults to false. 
+ type: boolean + required: + - eventSources + - providerRef + type: object + status: + description: AlertStatus defines the observed state of Alert + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. 
This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: buckets.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: Bucket + listKind: BucketList + plural: buckets + singular: bucket + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: 
date + name: v1beta1 + schema: + openAPIV3Schema: + description: Bucket is the Schema for the buckets API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BucketSpec defines the desired state of an S3 compatible bucket + properties: + bucketName: + description: The bucket name. + type: string + endpoint: + description: The bucket endpoint address. + type: string + ignore: + description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are. + type: string + insecure: + description: Insecure allows connecting to a non-TLS S3 HTTP endpoint. + type: boolean + interval: + description: The interval at which to check for bucket updates. + type: string + provider: + default: generic + description: The S3 compatible storage provider name, default ('generic'). + enum: + - generic + - aws + type: string + region: + description: The bucket region. + type: string + secretRef: + description: The name of the secret containing authentication credentials for the Bucket. 
+ properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation of this source. + type: boolean + timeout: + default: 20s + description: The timeout for download operations, defaults to 20s. + type: string + required: + - bucketName + - endpoint + - interval + type: object + status: + description: BucketStatus defines the observed state of a bucket + properties: + artifact: + description: Artifact represents the output of the last successful Bucket sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the Bucket. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. 
// Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
--- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the artifact output of the last Bucket sync. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: gitrepositories.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: GitRepository + listKind: GitRepositoryList + plural: gitrepositories + shortNames: + - gitrepo + singular: gitrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: 
v1beta1 + schema: + openAPIV3Schema: + description: GitRepository is the Schema for the gitrepositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GitRepositorySpec defines the desired state of a Git repository. + properties: + gitImplementation: + default: go-git + description: Determines which git client library to use. Defaults to go-git, valid values are ('go-git', 'libgit2'). + enum: + - go-git + - libgit2 + type: string + ignore: + description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are. + type: string + interval: + description: The interval at which to check for repository updates. + type: string + recurseSubmodules: + description: When enabled, after the clone is created, initializes all submodules within, using their default settings. This option is available only when using the 'go-git' GitImplementation. + type: boolean + ref: + description: The Git reference to checkout and monitor for changes, defaults to master branch. + properties: + branch: + default: master + description: The Git branch to checkout, defaults to master. 
+ type: string + commit: + description: The Git commit SHA to checkout, if specified Tag filters will be ignored. + type: string + semver: + description: The Git tag semver expression, takes precedence over Tag. + type: string + tag: + description: The Git tag to checkout, takes precedence over Branch. + type: string + type: object + secretRef: + description: The secret name containing the Git credentials. For HTTPS repositories the secret must contain username and password fields. For SSH repositories the secret must contain identity, identity.pub and known_hosts fields. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation of this source. + type: boolean + timeout: + default: 20s + description: The timeout for remote Git operations like cloning, defaults to 20s. + type: string + url: + description: The repository URL, can be a HTTP/S or SSH address. + pattern: ^(http|https|ssh):// + type: string + verify: + description: Verify OpenPGP signature for the Git commit HEAD points to. + properties: + mode: + description: Mode describes what git object should be verified, currently ('head'). + enum: + - head + type: string + secretRef: + description: The secret name containing the public keys of all trusted Git authors. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + required: + - mode + type: object + required: + - interval + - url + type: object + status: + description: GitRepositoryStatus defines the observed state of a Git repository. + properties: + artifact: + description: Artifact represents the output of the last successful repository sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. 
+ format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the GitRepository. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the artifact output of the last repository sync. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: helmcharts.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: HelmChart + listKind: HelmChartList + plural: helmcharts + shortNames: + - hc + singular: helmchart + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.chart + name: Chart + type: string + - jsonPath: .spec.version + name: Version + type: string + - jsonPath: .spec.sourceRef.kind + name: Source Kind + type: string + - jsonPath: .spec.sourceRef.name + name: Source Name + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: HelmChart is the Schema for the helmcharts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmChartSpec defines the desired state of a Helm chart. + properties: + chart: + description: The name or path the Helm chart is available at in the SourceRef. + type: string + interval: + description: The interval at which to check the Source for updates. + type: string + sourceRef: + description: The reference to the Source the chart is available at. + properties: + apiVersion: + description: APIVersion of the referent. + type: string + kind: + description: Kind of the referent, valid values are ('HelmRepository', 'GitRepository', 'Bucket'). + enum: + - HelmRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + type: string + required: + - kind + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation of this source. + type: boolean + valuesFile: + description: Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Deprecated in favor of ValuesFiles, for backwards compatibility the file defined here is merged before the ValuesFiles items. Ignored when omitted. + type: string + valuesFiles: + description: Alternative list of values files to use as the chart values (values.yaml is not included by default), expected to be a relative path in the SourceRef. Values files are merged in the order of this list with the last file overriding the first. Ignored when omitted. + items: + type: string + type: array + version: + default: '*' + description: The chart version semver expression, ignored for charts from GitRepository and Bucket sources. Defaults to latest when omitted. + type: string + required: + - chart + - interval + - sourceRef + type: object + status: + description: HelmChartStatus defines the observed state of the HelmChart. 
+ properties: + artifact: + description: Artifact represents the output of the last successful chart sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the HelmChart. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the last chart pulled. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: helmreleases.helm.toolkit.fluxcd.io +spec: + group: helm.toolkit.fluxcd.io + names: + kind: HelmRelease + listKind: HelmReleaseList + plural: helmreleases + shortNames: + - hr + singular: helmrelease + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2beta1 + schema: + openAPIV3Schema: + description: HelmRelease is the Schema for the helmreleases API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmReleaseSpec defines the desired state of a Helm release. 
+ properties: + chart: + description: Chart defines the template of the v1beta1.HelmChart that should be created for this HelmRelease. + properties: + spec: + description: Spec holds the template for the v1beta1.HelmChartSpec for this HelmRelease. + properties: + chart: + description: The name or path the Helm chart is available at in the SourceRef. + type: string + interval: + description: Interval at which to check the v1beta1.Source for updates. Defaults to 'HelmReleaseSpec.Interval'. + type: string + sourceRef: + description: The name and namespace of the v1beta1.Source the chart is available at. + properties: + apiVersion: + description: APIVersion of the referent. + type: string + kind: + description: Kind of the referent. + enum: + - HelmRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: Namespace of the referent. + maxLength: 63 + minLength: 1 + type: string + required: + - name + type: object + valuesFile: + description: Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Deprecated in favor of ValuesFiles, for backwards compatibility the file defined here is merged before the ValuesFiles items. Ignored when omitted. + type: string + valuesFiles: + description: Alternative list of values files to use as the chart values (values.yaml is not included by default), expected to be a relative path in the SourceRef. Values files are merged in the order of this list with the last file overriding the first. Ignored when omitted. + items: + type: string + type: array + version: + default: '*' + description: Version semver expression, ignored for charts from v1beta1.GitRepository and v1beta1.Bucket sources. Defaults to latest when omitted. 
+ type: string + required: + - chart + - sourceRef + type: object + required: + - spec + type: object + dependsOn: + description: DependsOn may contain a dependency.CrossNamespaceDependencyReference slice with references to HelmRelease resources that must be ready before this HelmRelease can be reconciled. + items: + description: CrossNamespaceDependencyReference holds the reference to a dependency. + properties: + name: + description: Name holds the name reference of a dependency. + type: string + namespace: + description: Namespace holds the namespace reference of a dependency. + type: string + required: + - name + type: object + type: array + install: + description: Install holds the configuration for Helm install actions for this HelmRelease. + properties: + crds: + description: "CRDs upgrade CRDs from the Helm Chart's crds directory according to the CRD upgrade policy provided here. Valid values are `Skip`, `Create` or `CreateReplace`. Default is `Create` and if omitted CRDs are installed but not updated. \n Skip: do neither install nor replace (update) any CRDs. \n Create: new CRDs are created, existing CRDs are neither updated nor deleted. \n CreateReplace: new CRDs are created, existing CRDs are updated (replaced) but not deleted. \n By default, CRDs are applied (installed) during Helm install action. With this option users can opt-in to CRD replace existing CRDs on Helm install actions, which is not (yet) natively supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions." + enum: + - Skip + - Create + - CreateReplace + type: string + createNamespace: + description: CreateNamespace tells the Helm install action to create the HelmReleaseSpec.TargetNamespace if it does not exist yet. On uninstall, the namespace will not be garbage collected. + type: boolean + disableHooks: + description: DisableHooks prevents hooks from running during the Helm install action. 
+ type: boolean + disableOpenAPIValidation: + description: DisableOpenAPIValidation prevents the Helm install action from validating rendered templates against the Kubernetes OpenAPI Schema. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to be ready after a Helm install has been performed. + type: boolean + remediation: + description: Remediation holds the remediation configuration for when the Helm install action for the HelmRelease fails. The default is to not perform any action. + properties: + ignoreTestFailures: + description: IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an install action but fail. Defaults to 'Test.IgnoreFailures'. + type: boolean + remediateLastFailure: + description: RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false'. + type: boolean + retries: + description: Retries is the number of retries that should be attempted on failures before bailing. Remediation, using an uninstall, is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries. + type: integer + type: object + replace: + description: Replace tells the Helm install action to re-use the 'ReleaseName', but only if that name is a deleted release which remains in the history. + type: boolean + skipCRDs: + description: "SkipCRDs tells the Helm install action to not install any CRDs. By default, CRDs are installed if not already present. \n Deprecated use CRD policy (`crds`) attribute with value `Skip` instead." + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + interval: + description: Interval at which to reconcile the Helm release. 
+ type: string + kubeConfig: + description: KubeConfig for reconciling the HelmRelease on a remote cluster. When specified, KubeConfig takes precedence over ServiceAccountName. + properties: + secretRef: + description: SecretRef holds the name to a secret that contains a 'value' key with the kubeconfig file as the value. It must be in the same namespace as the HelmRelease. It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific `cmd-path` auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling the HelmRelease. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + type: object + maxHistory: + description: MaxHistory is the number of revisions saved by Helm for this HelmRelease. Use '0' for an unlimited number of revisions; defaults to '10'. + type: integer + postRenderers: + description: PostRenderers holds an array of Helm PostRenderers, which will be applied in order of their definition. + items: + description: PostRenderer contains a Helm PostRenderer specification. + properties: + kustomize: + description: Kustomization to apply as PostRenderer. + properties: + images: + description: Images is a list of (image name, new name, new tag or digest) for changing image names, tags or digests. This can also be achieved with a patch, but this operator is simpler to specify. + items: + description: Image contains an image name, a new name, a new tag or digest, which will replace the original name and tag. + properties: + digest: + description: Digest is the value used to replace the original image tag. If digest is present NewTag value is ignored. + type: string + name: + description: Name is a tag-less image name. + type: string + newName: + description: NewName is the value used to replace the original name. 
+ type: string + newTag: + description: NewTag is the value used to replace the original tag. + type: string + required: + - name + type: object + type: array + patchesJson6902: + description: JSON 6902 patches, defined as inline YAML objects. + items: + description: JSON6902Patch contains a JSON6902 patch and the target the patch should be applied to. + properties: + patch: + description: Patch contains the JSON6902 patch document with an array of operation objects. + items: + description: JSON6902 is a JSON6902 operation object. https://tools.ietf.org/html/rfc6902#section-4 + properties: + from: + type: string + op: + enum: + - test + - remove + - add + - replace + - move + - copy + type: string + path: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + target: + description: Target points to the resources that the patch document should be applied to. + properties: + annotationSelector: + description: AnnotationSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations. + type: string + group: + description: Group is the API group to select resources from. Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources from. Together with Group and Version it is capable of unambiguously identifying and/or selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: Version of the API Group to select resources from. Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + - target + type: object + type: array + patchesStrategicMerge: + description: Strategic merge patches, defined as inline YAML objects. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + type: object + type: object + type: array + releaseName: + description: ReleaseName used for the Helm release. Defaults to a composition of '[TargetNamespace-]Name'. + maxLength: 53 + minLength: 1 + type: string + rollback: + description: Rollback holds the configuration for Helm rollback actions for this HelmRelease. + properties: + cleanupOnFail: + description: CleanupOnFail allows deletion of new resources created during the Helm rollback action when it fails. + type: boolean + disableHooks: + description: DisableHooks prevents hooks from running during the Helm rollback action. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to be ready after a Helm rollback has been performed. + type: boolean + force: + description: Force forces resource updates through a replacement strategy. + type: boolean + recreate: + description: Recreate performs pod restarts for the resource if applicable. 
+ type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + serviceAccountName: + description: The name of the Kubernetes service account to impersonate when reconciling this HelmRelease. + type: string + storageNamespace: + description: StorageNamespace used for the Helm storage. Defaults to the namespace of the HelmRelease. + maxLength: 63 + minLength: 1 + type: string + suspend: + description: Suspend tells the controller to suspend reconciliation for this HelmRelease, it does not apply to already started reconciliations. Defaults to false. + type: boolean + targetNamespace: + description: TargetNamespace to target when performing operations for the HelmRelease. Defaults to the namespace of the HelmRelease. + maxLength: 63 + minLength: 1 + type: string + test: + description: Test holds the configuration for Helm test actions for this HelmRelease. + properties: + enable: + description: Enable enables Helm test actions for this HelmRelease after an Helm install or upgrade action has been performed. + type: boolean + ignoreFailures: + description: IgnoreFailures tells the controller to skip remediation when the Helm tests are run but fail. Can be overwritten for tests run after install or upgrade actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation during the performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm action. Defaults to '5m0s'. 
+ type: string + uninstall: + description: Uninstall holds the configuration for Helm uninstall actions for this HelmRelease. + properties: + disableHooks: + description: DisableHooks prevents hooks from running during the Helm rollback action. + type: boolean + keepHistory: + description: KeepHistory tells Helm to remove all associated resources and mark the release as deleted, but retain the release history. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + upgrade: + description: Upgrade holds the configuration for Helm upgrade actions for this HelmRelease. + properties: + cleanupOnFail: + description: CleanupOnFail allows deletion of new resources created during the Helm upgrade action when it fails. + type: boolean + crds: + description: "CRDs upgrade CRDs from the Helm Chart's crds directory according to the CRD upgrade policy provided here. Valid values are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and if omitted CRDs are neither installed nor upgraded. \n Skip: do neither install nor replace (update) any CRDs. \n Create: new CRDs are created, existing CRDs are neither updated nor deleted. \n CreateReplace: new CRDs are created, existing CRDs are updated (replaced) but not deleted. \n By default, CRDs are not applied during Helm upgrade action. With this option users can opt-in to CRD upgrade, which is not (yet) natively supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions." + enum: + - Skip + - Create + - CreateReplace + type: string + disableHooks: + description: DisableHooks prevents hooks from running during the Helm upgrade action. 
+ type: boolean + disableOpenAPIValidation: + description: DisableOpenAPIValidation prevents the Helm upgrade action from validating rendered templates against the Kubernetes OpenAPI Schema. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to be ready after a Helm upgrade has been performed. + type: boolean + force: + description: Force forces resource updates through a replacement strategy. + type: boolean + preserveValues: + description: PreserveValues will make Helm reuse the last release's values and merge in overrides from 'Values'. Setting this flag makes the HelmRelease non-declarative. + type: boolean + remediation: + description: Remediation holds the remediation configuration for when the Helm upgrade action for the HelmRelease fails. The default is to not perform any action. + properties: + ignoreTestFailures: + description: IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an upgrade action but fail. Defaults to 'Test.IgnoreFailures'. + type: boolean + remediateLastFailure: + description: RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false' unless 'Retries' is greater than 0. + type: boolean + retries: + description: Retries is the number of retries that should be attempted on failures before bailing. Remediation, using 'Strategy', is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries. + type: integer + strategy: + description: Strategy to use for failure remediation. Defaults to 'rollback'. + enum: + - rollback + - uninstall + type: string + type: object + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + values: + description: Values holds the values for this Helm release. 
+ x-kubernetes-preserve-unknown-fields: true + valuesFrom: + description: ValuesFrom holds references to resources containing Helm values for this HelmRelease, and information about how they should be merged. + items: + description: ValuesReference contains a reference to a resource containing Helm values, and optionally the key they can be found at. + properties: + kind: + description: Kind of the values referent, valid values are ('Secret', 'ConfigMap'). + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the values referent. Should reside in the same namespace as the referring resource. + maxLength: 253 + minLength: 1 + type: string + optional: + description: Optional marks this ValuesReference as optional. When set, a not found error for the values reference is ignored, but any ValuesKey, TargetPath or transient error will still result in a reconciliation failure. + type: boolean + targetPath: + description: TargetPath is the YAML dot notation path the value should be merged at. When set, the ValuesKey is expected to be a single flat value. Defaults to 'None', which results in the values getting merged at the root. + type: string + valuesKey: + description: ValuesKey is the data key where the values.yaml or a specific value can be found at. Defaults to 'values.yaml'. + type: string + required: + - kind + - name + type: object + type: array + required: + - chart + - interval + type: object + status: + description: HelmReleaseStatus defines the observed state of a HelmRelease. + properties: + conditions: + description: Conditions holds the conditions for the HelmRelease. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. 
// Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
--- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + failures: + description: Failures is the reconciliation failure count against the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + helmChart: + description: HelmChart is the namespaced name of the HelmChart resource created by the controller for the HelmRelease. + type: string + installFailures: + description: InstallFailures is the install failure count against the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + lastAppliedRevision: + description: LastAppliedRevision is the revision of the last successfully applied source. + type: string + lastAttemptedRevision: + description: LastAttemptedRevision is the revision of the last reconciliation attempt. + type: string + lastAttemptedValuesChecksum: + description: LastAttemptedValuesChecksum is the SHA1 checksum of the values of the last reconciliation attempt. + type: string + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. + type: string + lastReleaseRevision: + description: LastReleaseRevision is the revision of the last successful Helm release. + type: integer + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + upgradeFailures: + description: UpgradeFailures is the upgrade failure count against the latest desired state. 
It is reset after a successful reconciliation. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: helmrepositories.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: HelmRepository + listKind: HelmRepositoryList + plural: helmrepositories + shortNames: + - helmrepo + singular: helmrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: HelmRepository is the Schema for the helmrepositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmRepositorySpec defines the reference to a Helm repository. + properties: + interval: + description: The interval at which to check the upstream for updates. + type: string + secretRef: + description: The name of the secret containing authentication credentials for the Helm repository. For HTTP/S basic auth the secret must contain username and password fields. For TLS the secret must contain a certFile and keyFile, and/or caCert fields. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation of this source. + type: boolean + timeout: + default: 60s + description: The timeout of index downloading, defaults to 60s. + type: string + url: + description: The Helm repository URL, a valid URL contains at least a protocol and host. + type: string + required: + - interval + - url + type: object + status: + description: HelmRepositoryStatus defines the observed state of the HelmRepository. + properties: + artifact: + description: Artifact represents the output of the last successful repository sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. 
+ type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the HelmRepository. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. 
+ maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the last index fetched. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: kustomizations.kustomize.toolkit.fluxcd.io +spec: + group: kustomize.toolkit.fluxcd.io + names: + kind: Kustomization + listKind: KustomizationList + plural: kustomizations + shortNames: + - ks + singular: kustomization + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Kustomization is the Schema for the kustomizations API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KustomizationSpec defines the desired state of a kustomization. 
+ properties: + decryption: + description: Decrypt Kubernetes secrets before applying them on the cluster. + properties: + provider: + description: Provider is the name of the decryption engine. + enum: + - sops + type: string + secretRef: + description: The secret name containing the private OpenPGP keys used for decryption. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + required: + - provider + type: object + dependsOn: + description: DependsOn may contain a dependency.CrossNamespaceDependencyReference slice with references to Kustomization resources that must be ready before this Kustomization can be reconciled. + items: + description: CrossNamespaceDependencyReference holds the reference to a dependency. + properties: + name: + description: Name holds the name reference of a dependency. + type: string + namespace: + description: Namespace holds the namespace reference of a dependency. + type: string + required: + - name + type: object + type: array + force: + default: false + description: Force instructs the controller to recreate resources when patching fails due to an immutable field change. + type: boolean + healthChecks: + description: A list of resources to be included in the health assessment. 
+ items: + description: NamespacedObjectKindReference contains enough information to let you locate the typed referenced object in any namespace + properties: + apiVersion: + description: API version of the referent, if not specified the Kubernetes preferred version will be used + type: string + kind: + description: Kind of the referent + type: string + name: + description: Name of the referent + type: string + namespace: + description: Namespace of the referent, when not specified it acts as LocalObjectReference + type: string + required: + - kind + - name + type: object + type: array + images: + description: Images is a list of (image name, new name, new tag or digest) for changing image names, tags or digests. This can also be achieved with a patch, but this operator is simpler to specify. + items: + description: Image contains an image name, a new name, a new tag or digest, which will replace the original name and tag. + properties: + digest: + description: Digest is the value used to replace the original image tag. If digest is present NewTag value is ignored. + type: string + name: + description: Name is a tag-less image name. + type: string + newName: + description: NewName is the value used to replace the original name. + type: string + newTag: + description: NewTag is the value used to replace the original tag. + type: string + required: + - name + type: object + type: array + interval: + description: The interval at which to reconcile the Kustomization. + type: string + kubeConfig: + description: The KubeConfig for reconciling the Kustomization on a remote cluster. When specified, KubeConfig takes precedence over ServiceAccountName. + properties: + secretRef: + description: SecretRef holds the name to a secret that contains a 'value' key with the kubeconfig file as the value. It must be in the same namespace as the Kustomization. 
It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific `cmd-path` auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling the Kustomization. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + type: object + patchesJson6902: + description: JSON 6902 patches, defined as inline YAML objects. + items: + description: JSON6902Patch contains a JSON6902 patch and the target the patch should be applied to. + properties: + patch: + description: Patch contains the JSON6902 patch document with an array of operation objects. + items: + description: JSON6902 is a JSON6902 operation object. https://tools.ietf.org/html/rfc6902#section-4 + properties: + from: + type: string + op: + enum: + - test + - remove + - add + - replace + - move + - copy + type: string + path: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + target: + description: Target points to the resources that the patch document should be applied to. + properties: + annotationSelector: + description: AnnotationSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations. + type: string + group: + description: Group is the API group to select resources from. Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources from. Together with Group and Version it is capable of unambiguously identifying and/or selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: Version of the API Group to select resources from. Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + - target + type: object + type: array + patchesStrategicMerge: + description: Strategic merge patches, defined as inline YAML objects. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + path: + description: Path to the directory containing the kustomization.yaml file, or the set of plain YAMLs a kustomization.yaml should be generated for. Defaults to 'None', which translates to the root path of the SourceRef. + type: string + postBuild: + description: PostBuild describes which actions to perform on the YAML manifest generated by building the kustomize overlay. + properties: + substitute: + additionalProperties: + type: string + description: Substitute holds a map of key/value pairs. The variables defined in your YAML manifests that match any of the keys defined in the map will be substituted with the set value. Includes support for bash string replacement functions e.g. ${var:=default}, ${var:position} and ${var/substring/replacement}. 
+ type: object + substituteFrom: + description: SubstituteFrom holds references to ConfigMaps and Secrets containing the variables and their values to be substituted in the YAML manifests. The ConfigMap and the Secret data keys represent the var names and they must match the vars declared in the manifests for the substitution to happen. + items: + description: SubstituteReference contains a reference to a resource containing the variables name and value. + properties: + kind: + description: Kind of the values referent, valid values are ('Secret', 'ConfigMap'). + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the values referent. Should reside in the same namespace as the referring resource. + maxLength: 253 + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + type: object + prune: + description: Prune enables garbage collection. + type: boolean + retryInterval: + description: The interval at which to retry a previously failed reconciliation. When not specified, the controller uses the KustomizationSpec.Interval value to retry failures. + type: string + serviceAccountName: + description: The name of the Kubernetes service account to impersonate when reconciling this Kustomization. + type: string + sourceRef: + description: Reference of the source where the kustomization file is. + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - GitRepository + - Bucket + type: string + name: + description: Name of the referent + type: string + namespace: + description: Namespace of the referent, defaults to the Kustomization namespace + type: string + required: + - kind + - name + type: object + suspend: + description: This flag tells the controller to suspend subsequent kustomize executions, it does not apply to already started executions. Defaults to false. 
+ type: boolean + targetNamespace: + description: TargetNamespace sets or overrides the namespace in the kustomization.yaml file. + maxLength: 63 + minLength: 1 + type: string + timeout: + description: Timeout for validation, apply and health checking operations. Defaults to 'Interval' duration. + type: string + validation: + description: Validate the Kubernetes objects before applying them on the cluster. The validation strategy can be 'client' (local dry-run), 'server' (APIServer dry-run) or 'none'. When 'Force' is 'true', validation will fallback to 'client' if set to 'server' because server-side validation is not supported in this scenario. + enum: + - none + - client + - server + type: string + required: + - interval + - prune + - sourceRef + type: object + status: + description: KustomizationStatus defines the observed state of a kustomization. + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastAppliedRevision: + description: The last successfully applied revision. The revision format for Git sources is /. + type: string + lastAttemptedRevision: + description: LastAttemptedRevision is the revision of the last reconciliation attempt. 
+ type: string + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last reconciled generation. + format: int64 + type: integer + snapshot: + description: The last successfully applied revision metadata. + properties: + checksum: + description: The manifests sha1 checksum. + type: string + entries: + description: A list of Kubernetes kinds grouped by namespace. + items: + description: Snapshot holds the metadata of namespaced Kubernetes objects + properties: + kinds: + additionalProperties: + type: string + description: The list of Kubernetes kinds. + type: object + namespace: + description: The namespace of this entry. + type: string + required: + - kinds + type: object + type: array + required: + - checksum + - entries + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: providers.notification.toolkit.fluxcd.io +spec: + group: notification.toolkit.fluxcd.io + names: + kind: Provider + listKind: ProviderList + plural: providers + singular: provider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Provider is the Schema for the providers 
API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProviderSpec defines the desired state of Provider + properties: + address: + description: HTTP/S webhook address of this provider + pattern: ^(http|https):// + type: string + certSecretRef: + description: CertSecretRef can be given the name of a secret containing a PEM-encoded CA certificate (`caFile`) + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + channel: + description: Alert channel for this provider + type: string + proxy: + description: HTTP/S address of the proxy + pattern: ^(http|https):// + type: string + secretRef: + description: Secret reference containing the provider webhook URL using "address" as data key + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + type: + description: Type of provider + enum: + - slack + - discord + - msteams + - rocket + - generic + - github + - gitlab + - bitbucket + - azuredevops + - googlechat + - webex + - sentry + type: string + username: + description: Bot username for this provider + type: string + required: + - type + type: object + status: + description: ProviderStatus defines the observed state of Provider + properties: + conditions: + items: + description: "Condition 
contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: receivers.notification.toolkit.fluxcd.io +spec: + group: notification.toolkit.fluxcd.io + names: + kind: Receiver + listKind: ReceiverList + plural: receivers + singular: receiver + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Receiver is the Schema for the receivers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ReceiverSpec defines the desired state of Receiver + properties: + events: + description: A list of events to handle, e.g. 'push' for GitHub or 'Push Hook' for GitLab. + items: + type: string + type: array + resources: + description: A list of resources to be notified about changes. + items: + description: CrossNamespaceObjectReference contains enough information to let you locate the typed referenced object at cluster level + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - Bucket + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + - ImageRepository + - ImagePolicy + - ImageUpdateAutomation + type: string + name: + description: Name of the referent + maxLength: 53 + minLength: 1 + type: string + namespace: + description: Namespace of the referent + maxLength: 53 + minLength: 1 + type: string + required: + - name + type: object + type: array + secretRef: + description: Secret reference containing the token used to validate the payload authenticity + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend subsequent events handling. Defaults to false. + type: boolean + type: + description: Type of webhook sender, used to determine the validation procedure and payload deserialization. 
+ enum: + - generic + - generic-hmac + - github + - gitlab + - bitbucket + - harbor + - dockerhub + - quay + - gcr + - nexus + - acr + type: string + required: + - resources + - type + type: object + status: + description: ReceiverStatus defines the observed state of Receiver + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. 
Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: helm-controller + namespace: flux-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: kustomize-controller + namespace: flux-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: notification-controller + namespace: flux-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: source-controller + namespace: flux-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: crd-controller-flux-system +rules: +- apiGroups: + - source.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - kustomize.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - helm.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - notification.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - image.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - configmaps + - configmaps/status + 
verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: cluster-reconciler-flux-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: kustomize-controller + namespace: flux-system +- kind: ServiceAccount + name: helm-controller + namespace: flux-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: crd-controller-flux-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: crd-controller-flux-system +subjects: +- kind: ServiceAccount + name: kustomize-controller + namespace: flux-system +- kind: ServiceAccount + name: helm-controller + namespace: flux-system +- kind: ServiceAccount + name: source-controller + namespace: flux-system +- kind: ServiceAccount + name: notification-controller + namespace: flux-system +- kind: ServiceAccount + name: image-reflector-controller + namespace: flux-system +- kind: ServiceAccount + name: image-automation-controller + namespace: flux-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + control-plane: controller + name: notification-controller + namespace: flux-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + selector: + app: notification-controller + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + 
app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + control-plane: controller + name: source-controller + namespace: flux-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + selector: + app: source-controller + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + control-plane: controller + name: webhook-receiver + namespace: flux-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http-webhook + selector: + app: notification-controller + type: ClusterIP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + control-plane: controller + name: helm-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: helm-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: helm-controller + spec: + containers: + - args: + - --events-addr=http://notification-controller/ + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/fluxcd/helm-controller:v0.10.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8080 + name: http-prom + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: 
temp + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: helm-controller + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: temp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + control-plane: controller + name: kustomize-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: kustomize-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: kustomize-controller + spec: + containers: + - args: + - --events-addr=http://notification-controller/ + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/fluxcd/kustomize-controller:v0.12.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8080 + name: http-prom + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: temp + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 1337 + serviceAccountName: kustomize-controller + terminationGracePeriodSeconds: 60 + volumes: + - emptyDir: {} + name: temp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + control-plane: controller + name: notification-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: 
notification-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: notification-controller + spec: + containers: + - args: + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/fluxcd/notification-controller:v0.13.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 9090 + name: http + - containerPort: 9292 + name: http-webhook + - containerPort: 8080 + name: http-prom + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: temp + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: notification-controller + terminationGracePeriodSeconds: 10 + volumes: + - emptyDir: {} + name: temp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + control-plane: controller + name: source-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: source-controller + strategy: + type: Recreate + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: source-controller + spec: + containers: + - args: + - --events-addr=http://notification-controller/ + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + - --storage-path=/data + - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local. 
+ env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/fluxcd/source-controller:v0.12.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9090 + name: http + - containerPort: 8080 + name: http-prom + - containerPort: 9440 + name: healthz + readinessProbe: + httpGet: + path: / + port: http + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 50m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /data + name: data + - mountPath: /tmp + name: tmp + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 1337 + serviceAccountName: source-controller + terminationGracePeriodSeconds: 10 + volumes: + - emptyDir: {} + name: data + - emptyDir: {} + name: tmp +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: allow-egress + namespace: flux-system +spec: + egress: + - {} + ingress: + - from: + - podSelector: {} + podSelector: {} + policyTypes: + - Ingress + - Egress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: allow-scraping + namespace: flux-system +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP + podSelector: {} + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: allow-webhooks + namespace: flux-system +spec: + ingress: + - from: + - namespaceSelector: {} + podSelector: + matchLabels: + app: 
notification-controller + policyTypes: + - Ingress From 7e992471eeb186d943e303432538429cbd2c0350 Mon Sep 17 00:00:00 2001 From: Flux <> Date: Mon, 17 May 2021 11:57:02 +0100 Subject: [PATCH 02/46] Add Flux sync manifests --- .../production/flux-system/gotk-sync.yaml | 27 +++++++++++++++++++ .../production/flux-system/kustomization.yaml | 5 ++++ 2 files changed, 32 insertions(+) create mode 100644 clusters/production/flux-system/gotk-sync.yaml create mode 100644 clusters/production/flux-system/kustomization.yaml diff --git a/clusters/production/flux-system/gotk-sync.yaml b/clusters/production/flux-system/gotk-sync.yaml new file mode 100644 index 0000000..5ab7261 --- /dev/null +++ b/clusters/production/flux-system/gotk-sync.yaml @@ -0,0 +1,27 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: GitRepository +metadata: + name: flux-system + namespace: flux-system +spec: + interval: 1m0s + ref: + branch: develop + secretRef: + name: flux-system + url: ssh://git@github.com/mccullya/kafka-gitops +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 +kind: Kustomization +metadata: + name: flux-system + namespace: flux-system +spec: + interval: 10m0s + path: ./clusters/production + prune: true + sourceRef: + kind: GitRepository + name: flux-system + validation: client diff --git a/clusters/production/flux-system/kustomization.yaml b/clusters/production/flux-system/kustomization.yaml new file mode 100644 index 0000000..3842229 --- /dev/null +++ b/clusters/production/flux-system/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- gotk-components.yaml +- gotk-sync.yaml From d6bd5978bc79d2acd530b608a451ad36e8acf0db Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Mon, 17 May 2021 11:59:44 +0100 Subject: [PATCH 03/46] Small update to README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b69ea80..6aa1a8f 100644 --- a/README.md +++ b/README.md 
@@ -106,7 +106,7 @@ Following this example, you'll set up secure Confluent Platform clusters with SA ```sh export GITHUB_TOKEN= export GITHUB_USER= -export GITHUB_REPO= +export GITHUB_REPO= ``` 2. After forking and cloning the repository, navigate to the project root and verify that your production cluster folder satisfies the prerequisites with: From 1c51d04cdaf3bebcb86cfb7520dda2200898ec91 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Mon, 17 May 2021 13:46:33 +0100 Subject: [PATCH 04/46] Adjusting secret script to include namespace --- resources/populate_secrets.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/resources/populate_secrets.sh b/resources/populate_secrets.sh index 9adbb70..12a30a7 100755 --- a/resources/populate_secrets.sh +++ b/resources/populate_secrets.sh 
@@ -1,31 +1,31 @@ #!/bin/bash -kubectl create secret generic credential \ +kubectl create secret -n confluent generic credential \ --from-file=plain-users.json=./users/creds-kafka-sasl-users.json \ --from-file=digest-users.json=./users/creds-zookeeper-sasl-digest-users.json \ --from-file=digest.txt=./users/creds-kafka-zookeeper-credentials.txt \ --from-file=plain.txt=./users/creds-client-kafka-sasl-user.txt \ --from-file=basic.txt=./users/creds-control-center-users.txt \ --from-file=ldap.txt=./users/ldap.txt -kubectl create secret generic mds-token \ +kubectl create secret -n confluent generic mds-token \ --from-file=mdsPublicKey.pem=./certs/mds-publickey.txt \ --from-file=mdsTokenKeyPair.pem=./certs/mds-tokenkeypair.txt # Kafka RBAC credential -kubectl create secret generic mds-client \ +kubectl create secret -n confluent generic mds-client \ --from-file=bearer.txt=./users/bearer.txt # Control Center RBAC credential -kubectl create secret generic c3-mds-client \ +kubectl create secret -n confluent generic c3-mds-client \ --from-file=bearer.txt=./users/c3-mds-client.txt # Connect RBAC credential -kubectl create secret generic connect-mds-client \ +kubectl create secret -n confluent generic connect-mds-client \ --from-file=bearer.txt=./users/connect-mds-client.txt # Schema Registry RBAC credential -kubectl create secret generic sr-mds-client \ +kubectl create secret -n confluent generic sr-mds-client \ --from-file=bearer.txt=./users/sr-mds-client.txt # ksqlDB RBAC credential -kubectl create secret generic ksqldb-mds-client \ +kubectl create secret -n confluent generic ksqldb-mds-client \ --from-file=bearer.txt=./users/ksqldb-mds-client.txt # Kafka REST credential -kubectl create secret generic rest-credential \ +kubectl create secret -n confluent generic rest-credential \ --from-file=bearer.txt=./users/bearer.txt \ --from-file=basic.txt=./users/bearer.txt \ No newline at end of file From 3cdf219d6dd4af4d046c65136d87ae7ddbbbe60f Mon Sep 17 00:00:00 2001 
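Review bot: Nothing follows the `#!/bin/bash` line to stop the script on error, so if one `kubectl create secret -n confluent …` call fails (for example because the `confluent` namespace or a file under `./users` is missing), the remaining secrets are still created and the run looks successful. Adding `set -euo pipefail` as the second line would stop at the first failure. `kubectl create` also fails on a secret that already exists, so a re-run after rotating a credential leaves the old value in place; `kubectl create secret … --dry-run=client -o yaml | kubectl apply -f -` makes each call repeatable. The hunk also shows `rest-credential` filling `basic.txt` from `./users/bearer.txt`; if that is intentional, a one-line comment saying so would help.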
From: Andrew McCully Date: Tue, 18 May 2021 09:57:45 +0100 Subject: [PATCH 05/46] updating SR CR identifier --- apps/base/rolebindings/schemaregistry/schemaregistry-base.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/base/rolebindings/schemaregistry/schemaregistry-base.yaml b/apps/base/rolebindings/schemaregistry/schemaregistry-base.yaml index 66db945..3a9eea6 100644 --- a/apps/base/rolebindings/schemaregistry/schemaregistry-base.yaml +++ b/apps/base/rolebindings/schemaregistry/schemaregistry-base.yaml @@ -5,7 +5,7 @@ metadata: namespace: confluent spec: clustersScopeByIds: - schemaRegistryClusterId: id_schemaregistry_confluent + schemaRegistryClusterId: id_registry_confluent principal: name: registry type: user From fb025ab004600e950cec1c319011885b844be40e Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Tue, 18 May 2021 10:02:41 +0100 Subject: [PATCH 06/46] debug by removing config overrides --- apps/base/kafka/schema-registry.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/apps/base/kafka/schema-registry.yaml b/apps/base/kafka/schema-registry.yaml index 3047bbf..3638b9b 100644 --- a/apps/base/kafka/schema-registry.yaml +++ b/apps/base/kafka/schema-registry.yaml 
@@ -23,20 +23,20 @@ spec: tls: enabled: true mds: + endpoint: https://kafka.confluent.svc.cluster.local:8090 + tokenKeyPair: + secretRef: mds-token authentication: type: bearer bearer: secretRef: sr-mds-client - endpoint: https://kafka.confluent.svc.cluster.local:8090 tls: enabled: true - tokenKeyPair: - secretRef: mds-token - configOverrides: - server: - - leader.eligibility=true - - inter.instance.protocol=https - # operator changes the defaults - - schema.registry.group.id=schema-registry - - kafkastore.topic=_schemas +# configOverrides: +# server: +# - leader.eligibility=true +# - inter.instance.protocol=https +# # operator changes the defaults +# - schema.registry.group.id=schema-registry +# - kafkastore.topic=_schemas --- \ No newline at end of file From 1c137cd8e72679066c4f63532c6f57b9e40e0df2 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Tue, 18 May 2021 10:15:17 +0100 Subject: [PATCH 07/46] updating secret name --- apps/base/kafka/rest-proxy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/base/kafka/rest-proxy.yaml b/apps/base/kafka/rest-proxy.yaml index 03132f5..b722098 100644 --- a/apps/base/kafka/rest-proxy.yaml +++ b/apps/base/kafka/rest-proxy.yaml @@ -187,7 +187,7 @@ spec: - name: credentials secret: defaultMode: 420 - secretName: rest + secretName: rest-credential updateStrategy: type: RollingUpdate From 4cfef4f3be43ecd2056ecda9891ee776621e5b87 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Tue, 18 May 2021 10:19:07 +0100 Subject: [PATCH 08/46] changing secret credential --- apps/base/kafka/rest-proxy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/base/kafka/rest-proxy.yaml b/apps/base/kafka/rest-proxy.yaml index b722098..22ded93 100644 --- a/apps/base/kafka/rest-proxy.yaml +++ b/apps/base/kafka/rest-proxy.yaml @@ -187,7 +187,7 @@ spec: - name: credentials secret: defaultMode: 420 - secretName: rest-credential + secretName: credential updateStrategy: type: RollingUpdate 
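Review bot: The `configOverrides` block commented out at the end of this hunk drops `inter.instance.protocol=https` on a registry that is otherwise configured with `tls: enabled: true`. Schema Registry's own default for that setting is `http`, and whether the operator sets it is not visible here, so request forwarding between registry instances may stop using TLS; confirm this in the rendered properties before the change leaves debugging. If the overrides are not needed, delete the block rather than leaving it commented at column 0; otherwise restore it. The `spec` mapping starts above the hunk.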
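Review bot: `secretName: credential` in the PATCH 08 hunk of rest-proxy.yaml points the REST proxy's `credentials` volume at the shared `credential` secret. As populated by resources/populate_secrets.sh, that secret carries `plain-users.json`, `digest-users.json`, `digest.txt` and `ldap.txt` alongside whatever the proxy itself reads. A compromise of this one pod would then expose the broker, ZooKeeper and LDAP credential files. The previous value names a secret built for this component, so prefer keeping `secretName: rest-credential` and adding the missing keys to that secret. The volume list and pod spec begin outside the hunk.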
From 2356abb2e29c2064a3c4d0bad801df749c1a7f5b Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Tue, 18 May 2021 11:28:22 +0100 Subject: [PATCH 09/46] working deployment with all services available --- apps/base/kafka/rest-proxy.yaml | 21 --------------------- apps/base/topics/foobar.yaml | 8 ++++++++ apps/base/topics/topic2.yaml | 8 ++++++++ clusters/production/apps.yaml | 4 ++-- resources/populate_secrets.sh | 7 +++++-- tldr.sh | 2 +- 6 files changed, 24 insertions(+), 26 deletions(-) create mode 100644 apps/base/topics/foobar.yaml create mode 100644 apps/base/topics/topic2.yaml diff --git a/apps/base/kafka/rest-proxy.yaml b/apps/base/kafka/rest-proxy.yaml index 22ded93..6bae8b2 100644 --- a/apps/base/kafka/rest-proxy.yaml +++ b/apps/base/kafka/rest-proxy.yaml 
@@ -44,28 +44,19 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - - name: KAFKA_REST_CONFIG_PROVIDERS value: file - name: KAFKA_REST_CONFIG_PROVIDERS_FILE_CLASS value: org.apache.kafka.common.config.provider.FileConfigProvider - # duplicated for the proper generation of /etc/kafka-rest/admin.properties - name: KAFKA_REST_CLIENT_CONFIG_PROVIDERS value: file - name: KAFKA_REST_CLIENT_CONFIG_PROVIDERS_FILE_CLASS value: org.apache.kafka.common.config.provider.FileConfigProvider - - name: KAFKA_REST_BOOTSTRAP_SERVERS value: kafka.confluent.svc.cluster.local:9071 - name: KAFKA_REST_CLIENT_SECURITY_PROTOCOL value: SASL_SSL - # - name: KAFKA_REST_CLIENT_SASL_MECHANISM - # value: OAUTHBEARER - # - name: KAFKA_REST_CLIENT_SASL_JAAS_CONFIG - # value: org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required metadataServerUrls="https://kafka.confluent.svc.cluster.local:8090" username="${file:/mnt/secrets/rest/bearer.txt:username}" password="${file:/mnt/secrets/rest/bearer.txt:password}"; - # - name: KAFKA_REST_CLIENT_SASL_LOGIN_CALLBACK_HANDLER_CLASS - # value: io.confluent.kafka.clients.plugins.auth.token.TokenUserLoginCallbackHandler - name: KAFKA_REST_CLIENT_SASL_MECHANISM value: PLAIN - name: KAFKA_REST_CLIENT_SASL_JAAS_CONFIG @@ -80,7 +71,6 @@ spec: value: /mnt/sslcerts/truststore.jks - name: KAFKA_REST_CLIENT_SSL_TRUSTSTORE_PASSWORD value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_LISTENERS value: https://0.0.0.0:8080,http://localhost:9080 - name: KAFKA_REST_SSL_ENABLED_PROTOCOLS @@ -95,7 +85,6 @@ spec: value: /mnt/sslcerts/truststore.jks - name: KAFKA_REST_SSL_TRUSTSTORE_PASSWORD value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_SCHEMA_REGISTRY_URL value: https://registry.confluent.svc.cluster.local:8081 - name: KAFKA_REST_SCHEMA_REGISTRY_HTTPS_SSL_KEY_PASSWORD 
@@ -108,18 +97,14 @@ spec: value: /mnt/sslcerts/truststore.jks - name: KAFKA_REST_SCHEMA_REGISTRY_HTTPS_SSL_TRUSTSTORE_PASSWORD value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_CONFLUENT_REST_AUTH_PROPAGATE_METHOD value: JETTY_AUTH - - name: KAFKA_REST_KAFKA_REST_RESOURCE_EXTENSION_CLASS value: io.confluent.kafkarest.security.KafkaRestSecurityResourceExtension - name: KAFKA_REST_REST_SERVLET_INITIALIZOR_CLASSES value: io.confluent.common.security.jetty.initializer.InstallBearerOrBasicSecurityHandler - - name: KAFKA_REST_PUBLIC_KEY_PATH value: /mnt/secrets/rest/mdsPublicKey.pem - - name: KAFKA_REST_CONFLUENT_METADATA_BOOTSTRAP_SERVER_URLS value: https://kafka.confluent.svc.cluster.local:8090 - name: KAFKA_REST_CONFLUENT_METADATA_HTTP_AUTH_CREDENTIALS_PROVIDER @@ -130,7 +115,6 @@ spec: value: /mnt/sslcerts/truststore.jks - name: KAFKA_REST_CONFLUENT_METADATA_SSL_TRUSTSTORE_PASSWORD value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - startupProbe: exec: command: @@ -141,7 +125,6 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 - livenessProbe: exec: command: @@ -152,7 +135,6 @@ spec: periodSeconds: 30 successThreshold: 1 timeoutSeconds: 5 - ports: - containerPort: 8080 name: external @@ -175,10 +157,8 @@ spec: name: sslcerts - mountPath: /mnt/secrets/rest name: credentials - dnsPolicy: ClusterFirst restartPolicy: Always - volumes: - name: sslcerts secret: @@ -188,7 +168,6 @@ spec: secret: defaultMode: 420 secretName: credential - updateStrategy: type: RollingUpdate --- diff --git a/apps/base/topics/foobar.yaml b/apps/base/topics/foobar.yaml new file mode 100644 index 0000000..4fbb598 --- /dev/null +++ b/apps/base/topics/foobar.yaml @@ -0,0 +1,8 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaTopic +metadata: + name: foobar + namespace: confluent +spec: + replicas: 1 + partitionCount: 12 diff --git a/apps/base/topics/topic2.yaml b/apps/base/topics/topic2.yaml new file mode 100644 index 0000000..c25a3ba 
--- /dev/null +++ b/apps/base/topics/topic2.yaml @@ -0,0 +1,8 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaTopic +metadata: + name: topic-rbac + namespace: operator +spec: + replicas: 1 + partitionCount: 12 \ No newline at end of file diff --git a/clusters/production/apps.yaml b/clusters/production/apps.yaml index 638de80..daab2ec 100644 --- a/clusters/production/apps.yaml +++ b/clusters/production/apps.yaml @@ -5,8 +5,8 @@ metadata: namespace: flux-system spec: interval: 1m -# dependsOn: -# - name: infrastucture + dependsOn: + - name: infrastucture sourceRef: kind: GitRepository name: flux-system diff --git a/resources/populate_secrets.sh b/resources/populate_secrets.sh index 12a30a7..b274d1d 100755 --- a/resources/populate_secrets.sh +++ b/resources/populate_secrets.sh @@ -5,7 +5,9 @@ kubectl create secret -n confluent generic credential \ --from-file=digest.txt=./users/creds-kafka-zookeeper-credentials.txt \ --from-file=plain.txt=./users/creds-client-kafka-sasl-user.txt \ --from-file=basic.txt=./users/creds-control-center-users.txt \ ---from-file=ldap.txt=./users/ldap.txt +--from-file=ldap.txt=./users/ldap.txt \ +--from-file=mdsPublicKey.pem=./certs/mds-publickey.txt \ +--from-file=mdsTokenKeyPair.pem=./certs/mds-tokenkeypair.txt kubectl create secret -n confluent generic mds-token \ --from-file=mdsPublicKey.pem=./certs/mds-publickey.txt \ --from-file=mdsTokenKeyPair.pem=./certs/mds-tokenkeypair.txt @@ -28,4 +30,5 @@ kubectl create secret -n confluent generic ksqldb-mds-client \ # Kafka REST credential kubectl create secret -n confluent generic rest-credential \ --from-file=bearer.txt=./users/bearer.txt \ ---from-file=basic.txt=./users/bearer.txt \ No newline at end of file +--from-file=basic.txt=./users/bearer.txt \ +--from-file=plain.txt=./users/bearer.txt \ No newline at end of file diff --git a/tldr.sh b/tldr.sh index 8db4c80..15eb8c7 100755 --- a/tldr.sh +++ b/tldr.sh 
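Review bot: `namespace: operator` in the new topic2.yaml differs from the `namespace: confluent` used by foobar.yaml in the same commit and by the secrets script. This KafkaTopic will probably land in a namespace with no Kafka cluster, or fail to apply if that namespace does not exist. If the difference is unintended, use `namespace: confluent`. The file name `topic2.yaml` also does not match the resource name `topic-rbac`, and `replicas: 1` leaves the topic without redundancy; a comment such as `# demo sizing, not for production` would record the intent.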
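Review bot: The two `--from-file` lines added in the first populate_secrets.sh hunk put `mdsTokenKeyPair.pem` into the shared `credential` secret. The REST proxy mounts that secret at `/mnt/secrets/rest` (rest-proxy.yaml, `secretName: credential`), although its configuration only references `/mnt/secrets/rest/mdsPublicKey.pem`. That hands what is presumably the MDS token-signing key pair to a pod that needs only the public key. Add just `--from-file=mdsPublicKey.pem=./certs/mds-publickey.txt` to the secret the proxy mounts and keep the key pair in `mds-token`. In the second hunk, `plain.txt` is filled from `./users/bearer.txt`, the same file already used for `bearer.txt` and `basic.txt`; confirm that one file really satisfies all three formats.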
@@ -3,7 +3,7 @@ flux bootstrap github \ --owner=${GITHUB_USER} \ --repository=${GITHUB_REPO} \ --path=clusters/production \ ---branch=main \ +--branch=develop \ --personal sleep 10 echo "Sleeping for 10 seconds to ensure namespace is created" From 74788d0085aeb9398a71e2c3091a406bc012da5c Mon Sep 17 00:00:00 2001 
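Review bot: `--branch=develop` combined with the unchanged `--path=clusters/production` makes the production cluster reconcile from the development branch. gotk-sync.yaml (PATCH 02) already tracks `branch: develop` with `prune: true`, so anyone who can push to `develop` can change or delete production resources at the next reconcile, without a promotion step. If this cluster is really a sandbox, rename the path accordingly; otherwise keep `--branch=main` and protect that branch with required review. The `flux bootstrap github` command starts above the hunk.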
From: Andrew McCully Date: Tue, 18 May 2021 12:40:18 +0100 Subject: [PATCH 10/46] rework of secrets, introducing multi-environment deployment --- clusters/production/apps.yaml | 15 - .../flux-system/gotk-components.yaml | 2831 ----------------- .../production/flux-system/gotk-sync.yaml | 27 - .../production/flux-system/kustomization.yaml | 5 - clusters/production/infrastucture.yaml | 17 - infrastructure/sources/confluent.yaml | 23 - infrastructure/sources/kustomization.yaml | 5 - .../confluent-operator.yaml | 11 +- .../confluent-operator}/kustomization.yaml | 1 - .../base/confluent}/certificates.yaml | 8 - .../base/confluent}/control-centre.yaml | 1 - .../base/confluent}/kafka-connect.yaml | 1 - .../base/confluent}/kafka.yaml | 2 - .../base/confluent}/ksqldb.yaml | 1 - .../base/confluent}/kustomization.yaml | 1 - .../base/confluent}/rest-proxy.yaml | 2 - .../base/confluent}/schema-registry.yaml | 1 - .../base/confluent}/zookeeper.yaml | 1 - {apps => kustomize}/base/kustomization.yaml | 4 +- .../rolebindings/connect/connect-base.yaml | 3 - .../rolebindings/connect/connect-groups.yaml | 1 - .../rolebindings/connect/connect-topics.yaml | 1 - .../rolebindings/connect/kustomization.yaml | 0 .../controlcenter/controlcentre-base.yaml | 1 - .../controlcenter/controlcentre-clusters.yaml | 3 - .../controlcenter/kustomization.yaml | 0 .../base/rolebindings/ksqldb/ksqldb-base.yaml | 2 - .../rolebindings/ksqldb/ksqldb-cluster.yaml | 1 - .../rolebindings/ksqldb/ksqldb-groups.yaml | 1 - .../ksqldb/ksqldb-ksqlcluster.yaml | 1 - .../rolebindings/ksqldb/ksqldb-topics.yaml | 1 - .../ksqldb/ksqldb-transaction.yaml | 1 - .../rolebindings/ksqldb/kustomization.yaml | 0 .../base/rolebindings/kustomization.yaml | 0 .../ldap/groups/kustomization.yaml | 0 .../rolebindings/ldap/groups/ldap-groups.yaml | 6 - .../base/rolebindings/ldap/kustomization.yaml | 1 - .../ldap/users/kustomization.yaml | 0 .../rolebindings/ldap/users/ldap-users.yaml | 0 .../schemaregistry/kustomization.yaml | 0 
.../schemaregistry/schemaregistry-base.yaml | 0 .../schemaregistry/schemaregistry-groups.yaml | 0 .../schemaregistry/schemaregistry-topics.yaml | 0 kustomize/base/secrets/c3-mds-client.yaml | 7 + .../base/secrets/connect-mds-client.yaml | 7 + kustomize/base/secrets/credential.yaml | 14 + kustomize/base/secrets/ksqldb-mds-client.yaml | 7 + kustomize/base/secrets/kustomization.yaml | 10 + kustomize/base/secrets/mds-client.yaml | 7 + kustomize/base/secrets/mds-token.yaml | 8 + kustomize/base/secrets/rest-credential.yaml | 9 + kustomize/base/secrets/sr-mds-client.yaml | 7 + {apps => kustomize}/base/topics/foobar.yaml | 1 - {apps => kustomize}/base/topics/topic2.yaml | 1 - kustomize/environments/dev/kustomization.yaml | 5 + .../environments/dev}/namespace.yaml | 2 +- kustomize/environments/kustomization.yaml | 4 + .../production/kustomization.yaml | 5 + .../environments/production/namespace.yaml | 4 + .../environments/staging/kustomization.yaml | 5 + kustomize/environments/staging/namespace.yaml | 4 + kustomize/kustomization.yaml | 4 + .../shared}/kustomization.yaml | 2 - .../shared}/tools/kustomization.yaml | 0 .../shared}/tools/ldap.yaml | 0 .../shared}/tools/namespace.yaml | 0 .../shared}/tools/proxy.yaml | 0 resources/c3-mds-client.yaml | 7 + resources/connect-mds-client.yaml | 7 + resources/ksqldb-client.yaml | 7 + resources/mds-client.yaml | 7 + resources/mds-token.yaml | 8 + resources/populate_secrets.sh | 41 +- resources/rest-credential.yaml | 9 + resources/sr-mds-client.yaml | 7 + 75 files changed, 198 insertions(+), 2988 deletions(-) delete mode 100644 clusters/production/apps.yaml delete mode 100644 clusters/production/flux-system/gotk-components.yaml delete mode 100644 clusters/production/flux-system/gotk-sync.yaml delete mode 100644 clusters/production/flux-system/kustomization.yaml delete mode 100644 clusters/production/infrastucture.yaml delete mode 100644 infrastructure/sources/confluent.yaml delete mode 100644 infrastructure/sources/kustomization.yaml 
rename {infrastructure/confluent => kustomize/base/confluent-operator}/confluent-operator.yaml (60%) rename {infrastructure/confluent => kustomize/base/confluent-operator}/kustomization.yaml (86%) rename {apps/base/kafka => kustomize/base/confluent}/certificates.yaml (99%) rename {apps/base/kafka => kustomize/base/confluent}/control-centre.yaml (97%) rename {apps/base/kafka => kustomize/base/confluent}/kafka-connect.yaml (98%) rename {apps/base/kafka => kustomize/base/confluent}/kafka.yaml (99%) rename {apps/base/kafka => kustomize/base/confluent}/ksqldb.yaml (97%) rename {apps/base/kafka => kustomize/base/confluent}/kustomization.yaml (91%) rename {apps/base/kafka => kustomize/base/confluent}/rest-proxy.yaml (99%) rename {apps/base/kafka => kustomize/base/confluent}/schema-registry.yaml (97%) rename {apps/base/kafka => kustomize/base/confluent}/zookeeper.yaml (94%) rename {apps => kustomize}/base/kustomization.yaml (65%) rename {apps => kustomize}/base/rolebindings/connect/connect-base.yaml (93%) rename {apps => kustomize}/base/rolebindings/connect/connect-groups.yaml (93%) rename {apps => kustomize}/base/rolebindings/connect/connect-topics.yaml (96%) rename {apps => kustomize}/base/rolebindings/connect/kustomization.yaml (100%) rename {apps => kustomize}/base/rolebindings/controlcenter/controlcentre-base.yaml (88%) rename {apps => kustomize}/base/rolebindings/controlcenter/controlcentre-clusters.yaml (91%) rename {apps => kustomize}/base/rolebindings/controlcenter/kustomization.yaml (100%) rename {apps => kustomize}/base/rolebindings/ksqldb/ksqldb-base.yaml (93%) rename {apps => kustomize}/base/rolebindings/ksqldb/ksqldb-cluster.yaml (93%) rename {apps => kustomize}/base/rolebindings/ksqldb/ksqldb-groups.yaml (92%) rename {apps => kustomize}/base/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml (93%) rename {apps => kustomize}/base/rolebindings/ksqldb/ksqldb-topics.yaml (95%) rename {apps => kustomize}/base/rolebindings/ksqldb/ksqldb-transaction.yaml (92%) rename 
{apps => kustomize}/base/rolebindings/ksqldb/kustomization.yaml (100%) rename {apps => kustomize}/base/rolebindings/kustomization.yaml (100%) rename {apps => kustomize}/base/rolebindings/ldap/groups/kustomization.yaml (100%) rename {apps => kustomize}/base/rolebindings/ldap/groups/ldap-groups.yaml (92%) rename {apps => kustomize}/base/rolebindings/ldap/kustomization.yaml (81%) rename {apps => kustomize}/base/rolebindings/ldap/users/kustomization.yaml (100%) rename {apps => kustomize}/base/rolebindings/ldap/users/ldap-users.yaml (100%) rename {apps => kustomize}/base/rolebindings/schemaregistry/kustomization.yaml (100%) rename {apps => kustomize}/base/rolebindings/schemaregistry/schemaregistry-base.yaml (100%) rename {apps => kustomize}/base/rolebindings/schemaregistry/schemaregistry-groups.yaml (100%) rename {apps => kustomize}/base/rolebindings/schemaregistry/schemaregistry-topics.yaml (100%) create mode 100644 kustomize/base/secrets/c3-mds-client.yaml create mode 100644 kustomize/base/secrets/connect-mds-client.yaml create mode 100644 kustomize/base/secrets/credential.yaml create mode 100644 kustomize/base/secrets/ksqldb-mds-client.yaml create mode 100644 kustomize/base/secrets/kustomization.yaml create mode 100644 kustomize/base/secrets/mds-client.yaml create mode 100644 kustomize/base/secrets/mds-token.yaml create mode 100644 kustomize/base/secrets/rest-credential.yaml create mode 100644 kustomize/base/secrets/sr-mds-client.yaml rename {apps => kustomize}/base/topics/foobar.yaml (84%) rename {apps => kustomize}/base/topics/topic2.yaml (85%) create mode 100644 kustomize/environments/dev/kustomization.yaml rename {infrastructure/confluent => kustomize/environments/dev}/namespace.yaml (70%) create mode 100644 kustomize/environments/kustomization.yaml create mode 100644 kustomize/environments/production/kustomization.yaml create mode 100644 kustomize/environments/production/namespace.yaml create mode 100644 kustomize/environments/staging/kustomization.yaml create 
mode 100644 kustomize/environments/staging/namespace.yaml create mode 100644 kustomize/kustomization.yaml rename {infrastructure => kustomize/shared}/kustomization.yaml (76%) rename {infrastructure => kustomize/shared}/tools/kustomization.yaml (100%) rename {infrastructure => kustomize/shared}/tools/ldap.yaml (100%) rename {infrastructure => kustomize/shared}/tools/namespace.yaml (100%) rename {infrastructure => kustomize/shared}/tools/proxy.yaml (100%) create mode 100644 resources/c3-mds-client.yaml create mode 100644 resources/connect-mds-client.yaml create mode 100644 resources/ksqldb-client.yaml create mode 100644 resources/mds-client.yaml create mode 100644 resources/mds-token.yaml create mode 100644 resources/rest-credential.yaml create mode 100644 resources/sr-mds-client.yaml diff --git a/clusters/production/apps.yaml b/clusters/production/apps.yaml deleted file mode 100644 index daab2ec..0000000 --- a/clusters/production/apps.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 -kind: Kustomization -metadata: - name: dev - namespace: flux-system -spec: - interval: 1m - dependsOn: - - name: infrastucture - sourceRef: - kind: GitRepository - name: flux-system - prune: true - path: ./apps/base - validation: client diff --git a/clusters/production/flux-system/gotk-components.yaml b/clusters/production/flux-system/gotk-components.yaml deleted file mode 100644 index 376dba2..0000000 --- a/clusters/production/flux-system/gotk-components.yaml +++ /dev/null 
@@ -1,2831 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - name: flux-system ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - name: alerts.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Alert - listKind: AlertList - plural: alerts - singular: alert - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Alert is the Schema for the alerts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AlertSpec defines an alerting rule for events involving a list of objects - properties: - eventSeverity: - default: info - description: Filter events based on severity, defaults to ('info'). If set to 'info' no events will be filtered. - enum: - - info - - error - type: string - eventSources: - description: Filter events based on the involved objects. - items: - description: CrossNamespaceObjectReference contains enough information to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - type: string - name: - description: Name of the referent - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - name - type: object - type: array - exclusionList: - description: A list of Golang regular expressions to be used for excluding messages. - items: - type: string - type: array - providerRef: - description: Send events using this provider. - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - summary: - description: Short description of the impact and affected cluster. - type: string - suspend: - description: This flag tells the controller to suspend subsequent events dispatching. Defaults to false. 
- type: boolean - required: - - eventSources - - providerRef - type: object - status: - description: AlertStatus defines the observed state of Alert - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. 
This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - name: buckets.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: Bucket - listKind: BucketList - plural: buckets - singular: bucket - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: 
date - name: v1beta1 - schema: - openAPIV3Schema: - description: Bucket is the Schema for the buckets API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BucketSpec defines the desired state of an S3 compatible bucket - properties: - bucketName: - description: The bucket name. - type: string - endpoint: - description: The bucket endpoint address. - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS S3 HTTP endpoint. - type: boolean - interval: - description: The interval at which to check for bucket updates. - type: string - provider: - default: generic - description: The S3 compatible storage provider name, default ('generic'). - enum: - - generic - - aws - type: string - region: - description: The bucket region. - type: string - secretRef: - description: The name of the secret containing authentication credentials for the Bucket. 
- properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation of this source. - type: boolean - timeout: - default: 20s - description: The timeout for download operations, defaults to 20s. - type: string - required: - - bucketName - - endpoint - - interval - type: object - status: - description: BucketStatus defines the observed state of a bucket - properties: - artifact: - description: Artifact represents the output of the last successful Bucket sync. - properties: - checksum: - description: Checksum is the SHA1 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the Bucket. - items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. 
// Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
--- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the artifact output of the last Bucket sync. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - name: gitrepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: GitRepository - listKind: GitRepositoryList - plural: gitrepositories - shortNames: - - gitrepo - singular: gitrepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: 
v1beta1 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GitRepositorySpec defines the desired state of a Git repository. - properties: - gitImplementation: - default: go-git - description: Determines which git client library to use. Defaults to go-git, valid values are ('go-git', 'libgit2'). - enum: - - go-git - - libgit2 - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are. - type: string - interval: - description: The interval at which to check for repository updates. - type: string - recurseSubmodules: - description: When enabled, after the clone is created, initializes all submodules within, using their default settings. This option is available only when using the 'go-git' GitImplementation. - type: boolean - ref: - description: The Git reference to checkout and monitor for changes, defaults to master branch. - properties: - branch: - default: master - description: The Git branch to checkout, defaults to master. 
- type: string - commit: - description: The Git commit SHA to checkout, if specified Tag filters will be ignored. - type: string - semver: - description: The Git tag semver expression, takes precedence over Tag. - type: string - tag: - description: The Git tag to checkout, takes precedence over Branch. - type: string - type: object - secretRef: - description: The secret name containing the Git credentials. For HTTPS repositories the secret must contain username and password fields. For SSH repositories the secret must contain identity, identity.pub and known_hosts fields. - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation of this source. - type: boolean - timeout: - default: 20s - description: The timeout for remote Git operations like cloning, defaults to 20s. - type: string - url: - description: The repository URL, can be a HTTP/S or SSH address. - pattern: ^(http|https|ssh):// - type: string - verify: - description: Verify OpenPGP signature for the Git commit HEAD points to. - properties: - mode: - description: Mode describes what git object should be verified, currently ('head'). - enum: - - head - type: string - secretRef: - description: The secret name containing the public keys of all trusted Git authors. - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - required: - - mode - type: object - required: - - interval - - url - type: object - status: - description: GitRepositoryStatus defines the observed state of a Git repository. - properties: - artifact: - description: Artifact represents the output of the last successful repository sync. - properties: - checksum: - description: Checksum is the SHA1 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. 
- format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. - items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. 
- format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the artifact output of the last repository sync. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - name: helmcharts.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmChart - listKind: HelmChartList - plural: helmcharts - shortNames: - - hc - singular: helmchart - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.chart - name: Chart - type: string - - jsonPath: .spec.version - name: Version - type: string - - jsonPath: .spec.sourceRef.kind - name: Source Kind - type: string - - jsonPath: .spec.sourceRef.name - name: Source Name - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: HelmChart is the Schema for the helmcharts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmChartSpec defines the desired state of a Helm chart. - properties: - chart: - description: The name or path the Helm chart is available at in the SourceRef. - type: string - interval: - description: The interval at which to check the Source for updates. - type: string - sourceRef: - description: The reference to the Source the chart is available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent, valid values are ('HelmRepository', 'GitRepository', 'Bucket'). - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation of this source. - type: boolean - valuesFile: - description: Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Deprecated in favor of ValuesFiles, for backwards compatibility the file defined here is merged before the ValuesFiles items. Ignored when omitted. - type: string - valuesFiles: - description: Alternative list of values files to use as the chart values (values.yaml is not included by default), expected to be a relative path in the SourceRef. Values files are merged in the order of this list with the last file overriding the first. Ignored when omitted. - items: - type: string - type: array - version: - default: '*' - description: The chart version semver expression, ignored for charts from GitRepository and Bucket sources. Defaults to latest when omitted. - type: string - required: - - chart - - interval - - sourceRef - type: object - status: - description: HelmChartStatus defines the observed state of the HelmChart. 
- properties: - artifact: - description: Artifact represents the output of the last successful chart sync. - properties: - checksum: - description: Checksum is the SHA1 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmChart. - items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating details about the transition. This may be an empty string. 
- maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the last chart pulled. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - name: helmreleases.helm.toolkit.fluxcd.io -spec: - group: helm.toolkit.fluxcd.io - names: - kind: HelmRelease - listKind: HelmReleaseList - plural: helmreleases - shortNames: - - hr - singular: helmrelease - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v2beta1 - schema: - openAPIV3Schema: - description: HelmRelease is the Schema for the helmreleases API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmReleaseSpec defines the desired state of a Helm release. 
- properties: - chart: - description: Chart defines the template of the v1beta1.HelmChart that should be created for this HelmRelease. - properties: - spec: - description: Spec holds the template for the v1beta1.HelmChartSpec for this HelmRelease. - properties: - chart: - description: The name or path the Helm chart is available at in the SourceRef. - type: string - interval: - description: Interval at which to check the v1beta1.Source for updates. Defaults to 'HelmReleaseSpec.Interval'. - type: string - sourceRef: - description: The name and namespace of the v1beta1.Source the chart is available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - maxLength: 253 - minLength: 1 - type: string - namespace: - description: Namespace of the referent. - maxLength: 63 - minLength: 1 - type: string - required: - - name - type: object - valuesFile: - description: Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Deprecated in favor of ValuesFiles, for backwards compatibility the file defined here is merged before the ValuesFiles items. Ignored when omitted. - type: string - valuesFiles: - description: Alternative list of values files to use as the chart values (values.yaml is not included by default), expected to be a relative path in the SourceRef. Values files are merged in the order of this list with the last file overriding the first. Ignored when omitted. - items: - type: string - type: array - version: - default: '*' - description: Version semver expression, ignored for charts from v1beta1.GitRepository and v1beta1.Bucket sources. Defaults to latest when omitted. 
- type: string - required: - - chart - - sourceRef - type: object - required: - - spec - type: object - dependsOn: - description: DependsOn may contain a dependency.CrossNamespaceDependencyReference slice with references to HelmRelease resources that must be ready before this HelmRelease can be reconciled. - items: - description: CrossNamespaceDependencyReference holds the reference to a dependency. - properties: - name: - description: Name holds the name reference of a dependency. - type: string - namespace: - description: Namespace holds the namespace reference of a dependency. - type: string - required: - - name - type: object - type: array - install: - description: Install holds the configuration for Helm install actions for this HelmRelease. - properties: - crds: - description: "CRDs upgrade CRDs from the Helm Chart's crds directory according to the CRD upgrade policy provided here. Valid values are `Skip`, `Create` or `CreateReplace`. Default is `Create` and if omitted CRDs are installed but not updated. \n Skip: do neither install nor replace (update) any CRDs. \n Create: new CRDs are created, existing CRDs are neither updated nor deleted. \n CreateReplace: new CRDs are created, existing CRDs are updated (replaced) but not deleted. \n By default, CRDs are applied (installed) during Helm install action. With this option users can opt-in to CRD replace existing CRDs on Helm install actions, which is not (yet) natively supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions." - enum: - - Skip - - Create - - CreateReplace - type: string - createNamespace: - description: CreateNamespace tells the Helm install action to create the HelmReleaseSpec.TargetNamespace if it does not exist yet. On uninstall, the namespace will not be garbage collected. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the Helm install action. 
- type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm install action from validating rendered templates against the Kubernetes OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to be ready after a Helm install has been performed. - type: boolean - remediation: - description: Remediation holds the remediation configuration for when the Helm install action for the HelmRelease fails. The default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an install action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false'. - type: boolean - retries: - description: Retries is the number of retries that should be attempted on failures before bailing. Remediation, using an uninstall, is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries. - type: integer - type: object - replace: - description: Replace tells the Helm install action to re-use the 'ReleaseName', but only if that name is a deleted release which remains in the history. - type: boolean - skipCRDs: - description: "SkipCRDs tells the Helm install action to not install any CRDs. By default, CRDs are installed if not already present. \n Deprecated use CRD policy (`crds`) attribute with value `Skip` instead." - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - interval: - description: Interval at which to reconcile the Helm release. 
- type: string - kubeConfig: - description: KubeConfig for reconciling the HelmRelease on a remote cluster. When specified, KubeConfig takes precedence over ServiceAccountName. - properties: - secretRef: - description: SecretRef holds the name to a secret that contains a 'value' key with the kubeconfig file as the value. It must be in the same namespace as the HelmRelease. It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific `cmd-path` auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling the HelmRelease. - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - type: object - maxHistory: - description: MaxHistory is the number of revisions saved by Helm for this HelmRelease. Use '0' for an unlimited number of revisions; defaults to '10'. - type: integer - postRenderers: - description: PostRenderers holds an array of Helm PostRenderers, which will be applied in order of their definition. - items: - description: PostRenderer contains a Helm PostRenderer specification. - properties: - kustomize: - description: Kustomization to apply as PostRenderer. - properties: - images: - description: Images is a list of (image name, new name, new tag or digest) for changing image names, tags or digests. This can also be achieved with a patch, but this operator is simpler to specify. - items: - description: Image contains an image name, a new name, a new tag or digest, which will replace the original name and tag. - properties: - digest: - description: Digest is the value used to replace the original image tag. If digest is present NewTag value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace the original name. 
- type: string - newTag: - description: NewTag is the value used to replace the original tag. - type: string - required: - - name - type: object - type: array - patchesJson6902: - description: JSON 6902 patches, defined as inline YAML objects. - items: - description: JSON6902Patch contains a JSON6902 patch and the target the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document with an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. https://tools.ietf.org/html/rfc6902#section-4 - properties: - from: - type: string - op: - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - type: string - value: - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the patch document should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources from. Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. Together with Group and Version it is capable of unambiguously identifying and/or selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources from. Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: Strategic merge patches, defined as inline YAML objects. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - type: object - type: object - type: array - releaseName: - description: ReleaseName used for the Helm release. Defaults to a composition of '[TargetNamespace-]Name'. - maxLength: 53 - minLength: 1 - type: string - rollback: - description: Rollback holds the configuration for Helm rollback actions for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created during the Helm rollback action when it fails. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the Helm rollback action. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to be ready after a Helm rollback has been performed. - type: boolean - force: - description: Force forces resource updates through a replacement strategy. - type: boolean - recreate: - description: Recreate performs pod restarts for the resource if applicable. 
- type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - serviceAccountName: - description: The name of the Kubernetes service account to impersonate when reconciling this HelmRelease. - type: string - storageNamespace: - description: StorageNamespace used for the Helm storage. Defaults to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - suspend: - description: Suspend tells the controller to suspend reconciliation for this HelmRelease, it does not apply to already started reconciliations. Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace to target when performing operations for the HelmRelease. Defaults to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - test: - description: Test holds the configuration for Helm test actions for this HelmRelease. - properties: - enable: - description: Enable enables Helm test actions for this HelmRelease after an Helm install or upgrade action has been performed. - type: boolean - ignoreFailures: - description: IgnoreFailures tells the controller to skip remediation when the Helm tests are run but fail. Can be overwritten for tests run after install or upgrade actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes operation during the performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - timeout: - description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm action. Defaults to '5m0s'. 
- type: string - uninstall: - description: Uninstall holds the configuration for Helm uninstall actions for this HelmRelease. - properties: - disableHooks: - description: DisableHooks prevents hooks from running during the Helm rollback action. - type: boolean - keepHistory: - description: KeepHistory tells Helm to remove all associated resources and mark the release as deleted, but retain the release history. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - upgrade: - description: Upgrade holds the configuration for Helm upgrade actions for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created during the Helm upgrade action when it fails. - type: boolean - crds: - description: "CRDs upgrade CRDs from the Helm Chart's crds directory according to the CRD upgrade policy provided here. Valid values are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and if omitted CRDs are neither installed nor upgraded. \n Skip: do neither install nor replace (update) any CRDs. \n Create: new CRDs are created, existing CRDs are neither updated nor deleted. \n CreateReplace: new CRDs are created, existing CRDs are updated (replaced) but not deleted. \n By default, CRDs are not applied during Helm upgrade action. With this option users can opt-in to CRD upgrade, which is not (yet) natively supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions." - enum: - - Skip - - Create - - CreateReplace - type: string - disableHooks: - description: DisableHooks prevents hooks from running during the Helm upgrade action. 
- type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm upgrade action from validating rendered templates against the Kubernetes OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to be ready after a Helm upgrade has been performed. - type: boolean - force: - description: Force forces resource updates through a replacement strategy. - type: boolean - preserveValues: - description: PreserveValues will make Helm reuse the last release's values and merge in overrides from 'Values'. Setting this flag makes the HelmRelease non-declarative. - type: boolean - remediation: - description: Remediation holds the remediation configuration for when the Helm upgrade action for the HelmRelease fails. The default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an upgrade action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false' unless 'Retries' is greater than 0. - type: boolean - retries: - description: Retries is the number of retries that should be attempted on failures before bailing. Remediation, using 'Strategy', is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries. - type: integer - strategy: - description: Strategy to use for failure remediation. Defaults to 'rollback'. - enum: - - rollback - - uninstall - type: string - type: object - timeout: - description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. - type: string - type: object - values: - description: Values holds the values for this Helm release. 
- x-kubernetes-preserve-unknown-fields: true - valuesFrom: - description: ValuesFrom holds references to resources containing Helm values for this HelmRelease, and information about how they should be merged. - items: - description: ValuesReference contains a reference to a resource containing Helm values, and optionally the key they can be found at. - properties: - kind: - description: Kind of the values referent, valid values are ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside in the same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - description: Optional marks this ValuesReference as optional. When set, a not found error for the values reference is ignored, but any ValuesKey, TargetPath or transient error will still result in a reconciliation failure. - type: boolean - targetPath: - description: TargetPath is the YAML dot notation path the value should be merged at. When set, the ValuesKey is expected to be a single flat value. Defaults to 'None', which results in the values getting merged at the root. - type: string - valuesKey: - description: ValuesKey is the data key where the values.yaml or a specific value can be found at. Defaults to 'values.yaml'. - type: string - required: - - kind - - name - type: object - type: array - required: - - chart - - interval - type: object - status: - description: HelmReleaseStatus defines the observed state of a HelmRelease. - properties: - conditions: - description: Conditions holds the conditions for the HelmRelease. - items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. 
// Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. 
--- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - failures: - description: Failures is the reconciliation failure count against the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - helmChart: - description: HelmChart is the namespaced name of the HelmChart resource created by the controller for the HelmRelease. - type: string - installFailures: - description: InstallFailures is the install failure count against the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - lastAppliedRevision: - description: LastAppliedRevision is the revision of the last successfully applied source. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation attempt. - type: string - lastAttemptedValuesChecksum: - description: LastAttemptedValuesChecksum is the SHA1 checksum of the values of the last reconciliation attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. - type: string - lastReleaseRevision: - description: LastReleaseRevision is the revision of the last successful Helm release. - type: integer - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - upgradeFailures: - description: UpgradeFailures is the upgrade failure count against the latest desired state. 
It is reset after a successful reconciliation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - name: helmrepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmRepository - listKind: HelmRepositoryList - plural: helmrepositories - shortNames: - - helmrepo - singular: helmrepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: HelmRepository is the Schema for the helmrepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmRepositorySpec defines the reference to a Helm repository. - properties: - interval: - description: The interval at which to check the upstream for updates. - type: string - secretRef: - description: The name of the secret containing authentication credentials for the Helm repository. For HTTP/S basic auth the secret must contain username and password fields. For TLS the secret must contain a certFile and keyFile, and/or caCert fields. - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation of this source. - type: boolean - timeout: - default: 60s - description: The timeout of index downloading, defaults to 60s. - type: string - url: - description: The Helm repository URL, a valid URL contains at least a protocol and host. - type: string - required: - - interval - - url - type: object - status: - description: HelmRepositoryStatus defines the observed state of the HelmRepository. - properties: - artifact: - description: Artifact represents the output of the last successful repository sync. - properties: - checksum: - description: Checksum is the SHA1 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. 
- type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmRepository. - items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. 
- maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the last index fetched. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - name: kustomizations.kustomize.toolkit.fluxcd.io -spec: - group: kustomize.toolkit.fluxcd.io - names: - kind: Kustomization - listKind: KustomizationList - plural: kustomizations - shortNames: - - ks - singular: kustomization - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Kustomization is the Schema for the kustomizations API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KustomizationSpec defines the desired state of a kustomization. 
- properties: - decryption: - description: Decrypt Kubernetes secrets before applying them on the cluster. - properties: - provider: - description: Provider is the name of the decryption engine. - enum: - - sops - type: string - secretRef: - description: The secret name containing the private OpenPGP keys used for decryption. - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - required: - - provider - type: object - dependsOn: - description: DependsOn may contain a dependency.CrossNamespaceDependencyReference slice with references to Kustomization resources that must be ready before this Kustomization can be reconciled. - items: - description: CrossNamespaceDependencyReference holds the reference to a dependency. - properties: - name: - description: Name holds the name reference of a dependency. - type: string - namespace: - description: Namespace holds the namespace reference of a dependency. - type: string - required: - - name - type: object - type: array - force: - default: false - description: Force instructs the controller to recreate resources when patching fails due to an immutable field change. - type: boolean - healthChecks: - description: A list of resources to be included in the health assessment. 
- items: - description: NamespacedObjectKindReference contains enough information to let you locate the typed referenced object in any namespace - properties: - apiVersion: - description: API version of the referent, if not specified the Kubernetes preferred version will be used - type: string - kind: - description: Kind of the referent - type: string - name: - description: Name of the referent - type: string - namespace: - description: Namespace of the referent, when not specified it acts as LocalObjectReference - type: string - required: - - kind - - name - type: object - type: array - images: - description: Images is a list of (image name, new name, new tag or digest) for changing image names, tags or digests. This can also be achieved with a patch, but this operator is simpler to specify. - items: - description: Image contains an image name, a new name, a new tag or digest, which will replace the original name and tag. - properties: - digest: - description: Digest is the value used to replace the original image tag. If digest is present NewTag value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace the original name. - type: string - newTag: - description: NewTag is the value used to replace the original tag. - type: string - required: - - name - type: object - type: array - interval: - description: The interval at which to reconcile the Kustomization. - type: string - kubeConfig: - description: The KubeConfig for reconciling the Kustomization on a remote cluster. When specified, KubeConfig takes precedence over ServiceAccountName. - properties: - secretRef: - description: SecretRef holds the name to a secret that contains a 'value' key with the kubeconfig file as the value. It must be in the same namespace as the Kustomization. 
It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific `cmd-path` auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling the Kustomization. - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - type: object - patchesJson6902: - description: JSON 6902 patches, defined as inline YAML objects. - items: - description: JSON6902Patch contains a JSON6902 patch and the target the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document with an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. https://tools.ietf.org/html/rfc6902#section-4 - properties: - from: - type: string - op: - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - type: string - value: - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the patch document should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources from. Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. Together with Group and Version it is capable of unambiguously identifying and/or selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources from. Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: Strategic merge patches, defined as inline YAML objects. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - path: - description: Path to the directory containing the kustomization.yaml file, or the set of plain YAMLs a kustomization.yaml should be generated for. Defaults to 'None', which translates to the root path of the SourceRef. - type: string - postBuild: - description: PostBuild describes which actions to perform on the YAML manifest generated by building the kustomize overlay. - properties: - substitute: - additionalProperties: - type: string - description: Substitute holds a map of key/value pairs. The variables defined in your YAML manifests that match any of the keys defined in the map will be substituted with the set value. Includes support for bash string replacement functions e.g. ${var:=default}, ${var:position} and ${var/substring/replacement}. 
- type: object - substituteFrom: - description: SubstituteFrom holds references to ConfigMaps and Secrets containing the variables and their values to be substituted in the YAML manifests. The ConfigMap and the Secret data keys represent the var names and they must match the vars declared in the manifests for the substitution to happen. - items: - description: SubstituteReference contains a reference to a resource containing the variables name and value. - properties: - kind: - description: Kind of the values referent, valid values are ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside in the same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - type: object - prune: - description: Prune enables garbage collection. - type: boolean - retryInterval: - description: The interval at which to retry a previously failed reconciliation. When not specified, the controller uses the KustomizationSpec.Interval value to retry failures. - type: string - serviceAccountName: - description: The name of the Kubernetes service account to impersonate when reconciling this Kustomization. - type: string - sourceRef: - description: Reference of the source where the kustomization file is. - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - GitRepository - - Bucket - type: string - name: - description: Name of the referent - type: string - namespace: - description: Namespace of the referent, defaults to the Kustomization namespace - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent kustomize executions, it does not apply to already started executions. Defaults to false. 
- type: boolean - targetNamespace: - description: TargetNamespace sets or overrides the namespace in the kustomization.yaml file. - maxLength: 63 - minLength: 1 - type: string - timeout: - description: Timeout for validation, apply and health checking operations. Defaults to 'Interval' duration. - type: string - validation: - description: Validate the Kubernetes objects before applying them on the cluster. The validation strategy can be 'client' (local dry-run), 'server' (APIServer dry-run) or 'none'. When 'Force' is 'true', validation will fallback to 'client' if set to 'server' because server-side validation is not supported in this scenario. - enum: - - none - - client - - server - type: string - required: - - interval - - prune - - sourceRef - type: object - status: - description: KustomizationStatus defines the observed state of a kustomization. - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating details about the transition. This may be an empty string. 
- maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastAppliedRevision: - description: The last successfully applied revision. The revision format for Git sources is /. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation attempt. 
- type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - snapshot: - description: The last successfully applied revision metadata. - properties: - checksum: - description: The manifests sha1 checksum. - type: string - entries: - description: A list of Kubernetes kinds grouped by namespace. - items: - description: Snapshot holds the metadata of namespaced Kubernetes objects - properties: - kinds: - additionalProperties: - type: string - description: The list of Kubernetes kinds. - type: object - namespace: - description: The namespace of this entry. - type: string - required: - - kinds - type: object - type: array - required: - - checksum - - entries - type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - name: providers.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Provider - listKind: ProviderList - plural: providers - singular: provider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Provider is the Schema for the providers 
API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ProviderSpec defines the desired state of Provider - properties: - address: - description: HTTP/S webhook address of this provider - pattern: ^(http|https):// - type: string - certSecretRef: - description: CertSecretRef can be given the name of a secret containing a PEM-encoded CA certificate (`caFile`) - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - channel: - description: Alert channel for this provider - type: string - proxy: - description: HTTP/S address of the proxy - pattern: ^(http|https):// - type: string - secretRef: - description: Secret reference containing the provider webhook URL using "address" as data key - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - type: - description: Type of provider - enum: - - slack - - discord - - msteams - - rocket - - generic - - github - - gitlab - - bitbucket - - azuredevops - - googlechat - - webex - - sentry - type: string - username: - description: Bot username for this provider - type: string - required: - - type - type: object - status: - description: ProviderStatus defines the observed state of Provider - properties: - conditions: - items: - description: "Condition 
contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. 
- enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - name: receivers.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Receiver - listKind: ReceiverList - plural: receivers - singular: receiver - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Receiver is the Schema for the receivers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ReceiverSpec defines the desired state of Receiver - properties: - events: - description: A list of events to handle, e.g. 'push' for GitHub or 'Push Hook' for GitLab. - items: - type: string - type: array - resources: - description: A list of resources to be notified about changes. - items: - description: CrossNamespaceObjectReference contains enough information to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - type: string - name: - description: Name of the referent - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - name - type: object - type: array - secretRef: - description: Secret reference containing the token used to validate the payload authenticity - properties: - name: - description: Name of the referent - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent events handling. Defaults to false. - type: boolean - type: - description: Type of webhook sender, used to determine the validation procedure and payload deserialization. 
- enum: - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - harbor - - dockerhub - - quay - - gcr - - nexus - - acr - type: string - required: - - resources - - type - type: object - status: - description: ReceiverStatus defines the observed state of Receiver - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. 
Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'. 
- type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - name: helm-controller - namespace: flux-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - name: kustomize-controller - namespace: flux-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - name: notification-controller - namespace: flux-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - name: source-controller - namespace: flux-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - name: crd-controller-flux-system -rules: -- apiGroups: - - source.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - kustomize.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - helm.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - notification.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - image.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - configmaps - - configmaps/status - 
verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - name: cluster-reconciler-flux-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: kustomize-controller - namespace: flux-system -- kind: ServiceAccount - name: helm-controller - namespace: flux-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - name: crd-controller-flux-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: crd-controller-flux-system -subjects: -- kind: ServiceAccount - name: kustomize-controller - namespace: flux-system -- kind: ServiceAccount - name: helm-controller - namespace: flux-system -- kind: ServiceAccount - name: source-controller - namespace: flux-system -- kind: ServiceAccount - name: notification-controller - namespace: flux-system -- kind: ServiceAccount - name: image-reflector-controller - namespace: flux-system -- kind: ServiceAccount - name: image-automation-controller - namespace: flux-system ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - control-plane: controller - name: notification-controller - namespace: flux-system -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - selector: - app: notification-controller - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - 
app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - control-plane: controller - name: source-controller - namespace: flux-system -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - selector: - app: source-controller - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - control-plane: controller - name: webhook-receiver - namespace: flux-system -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http-webhook - selector: - app: notification-controller - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - control-plane: controller - name: helm-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: helm-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: helm-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller/ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/helm-controller:v0.10.0 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9440 - name: healthz - protocol: TCP - - containerPort: 8080 - name: http-prom - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /tmp - name: 
temp - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: helm-controller - terminationGracePeriodSeconds: 600 - volumes: - - emptyDir: {} - name: temp ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - control-plane: controller - name: kustomize-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: kustomize-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: kustomize-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller/ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/kustomize-controller:v0.12.0 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9440 - name: healthz - protocol: TCP - - containerPort: 8080 - name: http-prom - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/os: linux - securityContext: - fsGroup: 1337 - serviceAccountName: kustomize-controller - terminationGracePeriodSeconds: 60 - volumes: - - emptyDir: {} - name: temp ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - control-plane: controller - name: notification-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: 
notification-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: notification-controller - spec: - containers: - - args: - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/notification-controller:v0.13.0 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9440 - name: healthz - protocol: TCP - - containerPort: 9090 - name: http - - containerPort: 9292 - name: http-webhook - - containerPort: 8080 - name: http-prom - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: notification-controller - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: temp ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - control-plane: controller - name: source-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: source-controller - strategy: - type: Recreate - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: source-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller/ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - - --storage-path=/data - - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local. 
- env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/source-controller:v0.12.1 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9090 - name: http - - containerPort: 8080 - name: http-prom - - containerPort: 9440 - name: healthz - readinessProbe: - httpGet: - path: / - port: http - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 50m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /data - name: data - - mountPath: /tmp - name: tmp - nodeSelector: - kubernetes.io/os: linux - securityContext: - fsGroup: 1337 - serviceAccountName: source-controller - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: data - - emptyDir: {} - name: tmp ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - name: allow-egress - namespace: flux-system -spec: - egress: - - {} - ingress: - - from: - - podSelector: {} - podSelector: {} - policyTypes: - - Ingress - - Egress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - name: allow-scraping - namespace: flux-system -spec: - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 8080 - protocol: TCP - podSelector: {} - policyTypes: - - Ingress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v0.13.2 - name: allow-webhooks - namespace: flux-system -spec: - ingress: - - from: - - namespaceSelector: {} - podSelector: - matchLabels: - app: 
notification-controller - policyTypes: - - Ingress diff --git a/clusters/production/flux-system/gotk-sync.yaml b/clusters/production/flux-system/gotk-sync.yaml deleted file mode 100644 index 5ab7261..0000000 --- a/clusters/production/flux-system/gotk-sync.yaml +++ /dev/null @@ -1,27 +0,0 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1beta1 -kind: GitRepository -metadata: - name: flux-system - namespace: flux-system -spec: - interval: 1m0s - ref: - branch: develop - secretRef: - name: flux-system - url: ssh://git@github.com/mccullya/kafka-gitops ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 -kind: Kustomization -metadata: - name: flux-system - namespace: flux-system -spec: - interval: 10m0s - path: ./clusters/production - prune: true - sourceRef: - kind: GitRepository - name: flux-system - validation: client diff --git a/clusters/production/flux-system/kustomization.yaml b/clusters/production/flux-system/kustomization.yaml deleted file mode 100644 index 3842229..0000000 --- a/clusters/production/flux-system/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- gotk-components.yaml -- gotk-sync.yaml diff --git a/clusters/production/infrastucture.yaml b/clusters/production/infrastucture.yaml deleted file mode 100644 index ad290f3..0000000 --- a/clusters/production/infrastucture.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 -kind: Kustomization -metadata: - name: infrastructure - namespace: flux-system -spec: - interval: 1m - sourceRef: - kind: GitRepository - name: flux-system - namespace: flux-system - healthChecks: - - kind: Pod - name: ldap - namespace: tools - path: ./infrastructure - prune: true diff --git a/infrastructure/sources/confluent.yaml b/infrastructure/sources/confluent.yaml deleted file mode 100644 index cdff5dd..0000000 --- a/infrastructure/sources/confluent.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1beta1 -kind: HelmRepository -metadata: - name: confluent-private - namespace: flux-system -spec: - url: https://confluent.jfrog.io/confluent/helm-early-access-operator-2 - secretRef: - name: https-credentials - interval: 1m ---- -#apiVersion: v1 -#kind: Secret -#metadata: -# name: https-credentials -# namespace: flux-system -#type: Opaque -#data: -# username: c2lvbkBvc29kZXZvcHMuaW8= -# password: ZXlKMlpYSWlPaUl5SWl3aWRIbHdJam9pU2xkVUlpd2lZV3huSWpvaVVsTXlOVFlpTENKcmFXUWlPaUl5VVVsdE1HOURkMHBRY0dOU2FHVjZWWGh5YTA1dWFXWnZaR2xZWVRCM1JtVm5NRXRrYjB0blVYVjNJbjAuZXlKemRXSWlPaUpxWm5KMFFEQXhZemR0WjJzeU5HdDJlR2M0TUhKd1lqbDZjSFl4Ym5aNlhDOTFjMlZ5YzF3dmMybHZia0J2YzI5a1pYWnZjSE11YVc4aUxDSnpZM0FpT2lKdFpXMWlaWEl0YjJZdFozSnZkWEJ6T205d1pYSmhkRzl5TFRJdFpXRnliSGt0WVdOalpYTnpMWEpsWVdRdGIyNXNlU0JoY0drNktpSXNJbUYxWkNJNkltcG1jblJBTURGak4yMW5hekkwYTNaNFp6Z3djbkJpT1hwd2RqRnVkbm9pTENKcGMzTWlPaUpxWm5KMFFEQXhZemR0WjJzeU5HdDJlR2M0TUhKd1lqbDZjSFl4Ym5aNlhDOTFjMlZ5YzF3dmNtRnFaWE5vUUdOdmJtWnNkV1Z1ZEM1cGJ5SXNJbVY0Y0NJNk1UWXlNVFk1T1RrMk55d2lhV0YwSWpveE5qRTVNVEEzT1RZM0xDSnFkR2tpT2lJek9XVmtZelF4WWkxaVkyRmpMVFEwTW1RdE9ETXpNQzAxTXpGa00yRTRPV0UzT1dNaWZRLmNPcG1VQmRpdG1PV2JCRjhNU1lxWW1TdktyY1U0eTNLWnZBQVhyOGJWVnR1QlhVcS1NQ1luMEQyRjR6VzJSbzlPUkFxTHFaVGZYZlRGQTBHYVN6QXpCNUVYWVRDdlhfNVUyb1c0UW9uMFdNOTNhOHdyamV2N2hzbjB0TDhNYnZSdlg3OU11NTRmZlljcjgyQ2s3c2Jtd0NCM0cyNC1ucTY1Y092Y2E0LU9wbWZyTTZYQzBjam5hQ0tPSVN3eEtpNThTMVRnZjY1SG5qWWtUdFBnM0d3V2tZdkJnN3FYM1NqeWxJNG5rR0toamtpbkI2a3Q2aEF4OWNQQlI1RXZQNTYzSFhMc25KWkU1dU90UTd1Rmc0ZGl4aXI5dmFyZ3VQOHVFZ3Q0WU1VbHhiaGplRkdDVXdrdnF5NnBBU0VTNnNkRDBKNGZKTzVUNXhCZk5Oa0dMd0ppdw== -# this is: -# "password": 
"eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiIyUUltMG9Dd0pQcGNSaGV6VXhya05uaWZvZGlYYTB3RmVnMEtkb0tnUXV3In0.eyJzdWIiOiJqZnJ0QDAxYzdtZ2syNGt2eGc4MHJwYjl6cHYxbnZ6XC91c2Vyc1wvc2lvbkBvc29kZXZvcHMuaW8iLCJzY3AiOiJtZW1iZXItb2YtZ3JvdXBzOm9wZXJhdG9yLTItZWFybHktYWNjZXNzLXJlYWQtb25seSBhcGk6KiIsImF1ZCI6ImpmcnRAMDFjN21nazI0a3Z4ZzgwcnBiOXpwdjFudnoiLCJpc3MiOiJqZnJ0QDAxYzdtZ2syNGt2eGc4MHJwYjl6cHYxbnZ6XC91c2Vyc1wvcmFqZXNoQGNvbmZsdWVudC5pbyIsImV4cCI6MTYyMTY5OTk2NywiaWF0IjoxNjE5MTA3OTY3LCJqdGkiOiIzOWVkYzQxYi1iY2FjLTQ0MmQtODMzMC01MzFkM2E4OWE3OWMifQ.cOpmUBditmOWbBF8MSYqYmSvKrcU4y3KZvAAXr8bVVtuBXUq-MCYn0D2F4zW2Ro9ORAqLqZTfXfTFA0GaSzAzB5EXYTCvX_5U2oW4Qon0WM93a8wrjev7hsn0tL8MbvRvX79Mu54ffYcr82Ck7sbmwCB3G24-nq65cOvca4-OpmfrM6XC0cjnaCKOISwxKi58S1Tgf65HnjYkTtPg3GwWkYvBg7qX3SjylI4nkGKhjkinB6kt6hAx9cPBR5EvP563HXLsnJZE5uOtQ7uFg4dixir9varguP8uEgt4YMUlxbhjeFGCUwkvqy6pASES6sdD0J4fJO5T5xBfNNkGLwJiw", -# "username": "sion@osodevops.io" \ No newline at end of file diff --git a/infrastructure/sources/kustomization.yaml b/infrastructure/sources/kustomization.yaml deleted file mode 100644 index e697fe7..0000000 --- a/infrastructure/sources/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: flux-system -resources: - - confluent.yaml \ No newline at end of file diff --git a/infrastructure/confluent/confluent-operator.yaml b/kustomize/base/confluent-operator/confluent-operator.yaml similarity index 60% rename from infrastructure/confluent/confluent-operator.yaml rename to kustomize/base/confluent-operator/confluent-operator.yaml index bce6a2d..e87a398 100644 --- a/infrastructure/confluent/confluent-operator.yaml +++ b/kustomize/base/confluent-operator/confluent-operator.yaml @@ -3,7 +3,6 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: confluent - namespace: confluent spec: interval: 1m chart: 
@@ -16,3 +15,13 @@ spec: values: image: registry: confluent-docker-internal-early-access-operator-2.jfrog.io +--- +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: HelmRepository +metadata: + name: confluent-private +spec: + url: https://confluent.jfrog.io/confluent/helm-early-access-operator-2 + secretRef: + name: https-credentials + interval: 1m diff --git a/infrastructure/confluent/kustomization.yaml b/kustomize/base/confluent-operator/kustomization.yaml similarity index 86% rename from infrastructure/confluent/kustomization.yaml rename to kustomize/base/confluent-operator/kustomization.yaml index 86734a3..bcd301f 100644 --- a/infrastructure/confluent/kustomization.yaml +++ b/kustomize/base/confluent-operator/kustomization.yaml @@ -2,5 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: confluent resources: - - namespace.yaml - confluent-operator.yaml \ No newline at end of file diff --git a/apps/base/kafka/certificates.yaml b/kustomize/base/confluent/certificates.yaml similarity index 99% rename from apps/base/kafka/certificates.yaml rename to kustomize/base/confluent/certificates.yaml index e6d006b..5d34267 100644 --- a/apps/base/kafka/certificates.yaml +++ b/kustomize/base/confluent/certificates.yaml @@ -3,7 +3,6 @@ apiVersion: v1 kind: Secret metadata: name: ca-pair-sslcerts - namespace: confluent type: kubernetes.io/tls data: tls.crt: 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 @@ -13,7 +12,6 @@ apiVersion: v1 kind: Secret metadata: name: connect-generated-jks - namespace: confluent type: kubernetes.io/tls data: ca.crt: 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 @@ -28,7 +26,6 @@ apiVersion: v1 kind: Secret metadata: name: controlcenter-generated-jks - namespace: confluent type: kubernetes.io/tls data: ca.crt: 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 
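Review bot: The added HelmRepository `confluent-private` depends on `secretRef: name: https-credentials`, yet nothing visible in this patch creates that Secret, and the files listed in kustomize/base/secrets/kustomization.yaml do not appear to include it, so presumably it is created out of band. The copy that the deleted infrastructure/sources/confluent.yaml kept in comments (base64 and decoded token plus username) stays readable in git history after this commit, so that token should be revoked and reissued at the registry rather than reused. I would record the expectation next to the reference with `# https-credentials is created out of band (or SOPS-encrypted); never commit it, even commented out`. With `namespace` gone from this file, the Secret also has to exist in whichever namespace the overlay places the HelmRepository.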
@@ -43,7 +40,6 @@ apiVersion: v1 kind: Secret metadata: name: kafka-generated-jks - namespace: confluent type: kubernetes.io/tls data: ca.crt: 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 @@ -58,7 +54,6 @@ apiVersion: v1 kind: Secret metadata: name: ksqldb-generated-jks - namespace: confluent type: kubernetes.io/tls data: ca.crt: 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 
@@ -73,7 +68,6 @@ apiVersion: v1 kind: Secret metadata: name: registry-generated-jks - namespace: confluent type: kubernetes.io/tls data: ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZDRENDQXZBQ0NRREFLVFdwRUFpSXhUQU5CZ2txaGtpRzl3MEJBUXNGQURCR01Rc3dDUVlEVlFRR0V3SkQKU0RFT01Bd0dBMVVFQ2d3RlJIVm1jbmt4RlRBVEJnTlZCQXNNREVsdWMybG5hSFJ6SUZCUFF6RVFNQTRHQTFVRQpBd3dIVW05dmRDQkRRVEFlRncweU1UQTBNVGt5TVRFMU5USmFGdzB5TkRBeU1EY3lNVEUxTlRKYU1FWXhDekFKCkJnTlZCQVlUQWtOSU1RNHdEQVlEVlFRS0RBVkVkV1p5ZVRFVk1CTUdBMVVFQ3d3TVNXNXphV2RvZEhNZ1VFOUQKTVJBd0RnWURWUVFEREFkU2IyOTBJRU5CTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQwpBZ0VBdXNsQ1pYalNtVlpRY0puQzFaR1hTWkdwanhHSjh0cnBpdUY2WTJIZ2FXa3RQc1AzdUUzR1Z6anZ0QUpuCno3MGNwYjRwT1pFSzN1M1crTnVRTHcrWGxEaTVYSHlEdVNjTEl5R3YxSjFZbWVTUlZBUTRqQ1hoQmlxTlFxeSsKMVlhQUpwbDJJbnNLMUZ3bFdpQzRab0h3ZnlCc1Y2NVBIOHZpQTJIY3JQQmFoTFNzY0JnWUo0a01wQkZqWGM2ZQpFeVpXRk82ZVlOLzNHYjhLbVQzVmhnQmREeGZybFhycEp3RGpBdVdXV2FaMWd4c05iZTRkMkJNWFJjakFHd1R6Ck9idEJxRUNycWJLTnR6S1ZMTmtDbzVWTzJTZElXbWk5eDlvRCtlcHB1UE92TW9ybk5kMzJiOEtXeFBMdWNQMVoKY2hocmN3R09XU1lFa2hOckxEaHBYK3RLVUZNNGQ2RUdkRXY0eUE0Z0l4NEpONE12QmE2b25NNUhVbVhHbXZyMApPa0JuYnNpL1prNzdjL2ptRGtMNTNuL2pHMVY1QlIza0xudDA0aDR4aHlpSzZJVE5tTlI1SE5TZGx6aEtUL3FkCm5lcUlZb0FWSVF2SEMvd1VBM0IrQjN1dXJodHI5YTZjTFl2eWE5V0JBTkpnUURMY1NYRGE2ekJsdmFQejdYdFIKT2FNS2tZNFU2RkNuMHI3YTEycjE1NENZV3dqeGtZTjRyN2VieHc5d2dWYTBHa1JGc01HVkVaL3ZDaUI0cTNMSAp2dEF1NG1SWUJiMXNyTVoxNWZVVG4wRFFuNVJMNjVGd1RwdDFCUmZpVUhoWHVOV1JEemRxeW9SY2loUDI1WVRXClBjeVc0QVpHRnN0VENaSG9LL3NTUzYrL0U3elZsdnQzWktycHlYaE5OSTNRRzNzQ0F3RUFBVEFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQWdFQWVPb1Z3QVhBa28rWERkUmVQb3V2TmRIUkdGTkVxNjdILzBGOXlDQ21zNWQ3aU1XMQpYNWRhMzd1a1llM1RDV01ZRlA2SjJIR0JkYkw4SVpwbnJvNHMySVBIMkV6MFZnYVk5NU42aUJrWkVkQ2xQc2hHCktjcmxFa2dlQ0E1Z0ErSUsyOHBsOU9YSnRmMlU0REdMMExBR0R1bjg3K3dQTHVEUlZrcDRTZEV6VllHUnh5NVkKMElpdW9ZaXB6cGoxQUo3RTlnM3Vsd0drV250Mk5wLzdwYU53QW1FRDNnL0lISWR5dzNmeVZiSEpnUGpzRnNSbgp1TEpnaHdLczk1V1A5MmZhZ0pZbnVvajZSVG80Ym82ejZ6MXdZdlF6eXp4VDFtcGdUaG0wRnlxU09leXVKK2
YrCnRjdEpibmM2YWZNdGVsb0RLSkJmQVBORE43Y3VROGFnYWo3UmNxa0tLbmRPUE9xeFovRzZUeXFSMU1EUWc1bUIKbGJXVjdlam9CQVF3aG5vNnI4Zk5SZWpWVm1rRVo3RitCTEdTV0oyeFBHd0djRUh1b0R2dEFqU29WbHJFTFNSVgpqT0tVTUZ3aVQ5ZzdXQXJsZGtYV1ladzduemZpZnZvM0toTGpZbU9XWktoems0KzhObnlhc2xJNWpDVGV2MHdCCkVCSjVYd2o4bWU4L3hLM011L1ZRanpJR081YkhUY1RmWE9DWmNkUVRRSTY1ZkE4eURpZFc3WlAyRG40eU1rNG0KcklqR3h1M3FqOWRheEtodnZDQU9oYnh5VFpmQ2JjaTFiV0VVNW9jaFR1N2NzQlg0TWxZbGhZcHppdHNmeW5keQpGYUw5V2pYOHVwNHk5MFB4T08zU0NsdDBsbHRmeS9OWEhDWlpqNTZjbUtwNkZjdGNsUG9pcHRUSVJxST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= @@ -88,7 +82,6 @@ apiVersion: v1 kind: Secret metadata: name: rest-sslcerts - namespace: confluent type: kubernetes.io/tls data: ca.crt: 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 
@@ -103,7 +96,6 @@ apiVersion: v1 kind: Secret metadata: name: zookeeper-generated-jks - namespace: confluent type: kubernetes.io/tls data: ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZDRENDQXZBQ0NRREFLVFdwRUFpSXhUQU5CZ2txaGtpRzl3MEJBUXNGQURCR01Rc3dDUVlEVlFRR0V3SkQKU0RFT01Bd0dBMVVFQ2d3RlJIVm1jbmt4RlRBVEJnTlZCQXNNREVsdWMybG5hSFJ6SUZCUFF6RVFNQTRHQTFVRQpBd3dIVW05dmRDQkRRVEFlRncweU1UQTBNVGt5TVRFMU5USmFGdzB5TkRBeU1EY3lNVEUxTlRKYU1FWXhDekFKCkJnTlZCQVlUQWtOSU1RNHdEQVlEVlFRS0RBVkVkV1p5ZVRFVk1CTUdBMVVFQ3d3TVNXNXphV2RvZEhNZ1VFOUQKTVJBd0RnWURWUVFEREFkU2IyOTBJRU5CTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQwpBZ0VBdXNsQ1pYalNtVlpRY0puQzFaR1hTWkdwanhHSjh0cnBpdUY2WTJIZ2FXa3RQc1AzdUUzR1Z6anZ0QUpuCno3MGNwYjRwT1pFSzN1M1crTnVRTHcrWGxEaTVYSHlEdVNjTEl5R3YxSjFZbWVTUlZBUTRqQ1hoQmlxTlFxeSsKMVlhQUpwbDJJbnNLMUZ3bFdpQzRab0h3ZnlCc1Y2NVBIOHZpQTJIY3JQQmFoTFNzY0JnWUo0a01wQkZqWGM2ZQpFeVpXRk82ZVlOLzNHYjhLbVQzVmhnQmREeGZybFhycEp3RGpBdVdXV2FaMWd4c05iZTRkMkJNWFJjakFHd1R6Ck9idEJxRUNycWJLTnR6S1ZMTmtDbzVWTzJTZElXbWk5eDlvRCtlcHB1UE92TW9ybk5kMzJiOEtXeFBMdWNQMVoKY2hocmN3R09XU1lFa2hOckxEaHBYK3RLVUZNNGQ2RUdkRXY0eUE0Z0l4NEpONE12QmE2b25NNUhVbVhHbXZyMApPa0JuYnNpL1prNzdjL2ptRGtMNTNuL2pHMVY1QlIza0xudDA0aDR4aHlpSzZJVE5tTlI1SE5TZGx6aEtUL3FkCm5lcUlZb0FWSVF2SEMvd1VBM0IrQjN1dXJodHI5YTZjTFl2eWE5V0JBTkpnUURMY1NYRGE2ekJsdmFQejdYdFIKT2FNS2tZNFU2RkNuMHI3YTEycjE1NENZV3dqeGtZTjRyN2VieHc5d2dWYTBHa1JGc01HVkVaL3ZDaUI0cTNMSAp2dEF1NG1SWUJiMXNyTVoxNWZVVG4wRFFuNVJMNjVGd1RwdDFCUmZpVUhoWHVOV1JEemRxeW9SY2loUDI1WVRXClBjeVc0QVpHRnN0VENaSG9LL3NTUzYrL0U3elZsdnQzWktycHlYaE5OSTNRRzNzQ0F3RUFBVEFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQWdFQWVPb1Z3QVhBa28rWERkUmVQb3V2TmRIUkdGTkVxNjdILzBGOXlDQ21zNWQ3aU1XMQpYNWRhMzd1a1llM1RDV01ZRlA2SjJIR0JkYkw4SVpwbnJvNHMySVBIMkV6MFZnYVk5NU42aUJrWkVkQ2xQc2hHCktjcmxFa2dlQ0E1Z0ErSUsyOHBsOU9YSnRmMlU0REdMMExBR0R1bjg3K3dQTHVEUlZrcDRTZEV6VllHUnh5NVkKMElpdW9ZaXB6cGoxQUo3RTlnM3Vsd0drV250Mk5wLzdwYU53QW1FRDNnL0lISWR5dzNmeVZiSEpnUGpzRnNSbgp1TEpnaHdLczk1V1A5MmZhZ0pZbnVvajZSVG80Ym82ejZ6MXdZdlF6eXp4VDFtcGdUaG0wRnlxU09leXVK
K2YrCnRjdEpibmM2YWZNdGVsb0RLSkJmQVBORE43Y3VROGFnYWo3UmNxa0tLbmRPUE9xeFovRzZUeXFSMU1EUWc1bUIKbGJXVjdlam9CQVF3aG5vNnI4Zk5SZWpWVm1rRVo3RitCTEdTV0oyeFBHd0djRUh1b0R2dEFqU29WbHJFTFNSVgpqT0tVTUZ3aVQ5ZzdXQXJsZGtYV1ladzduemZpZnZvM0toTGpZbU9XWktoems0KzhObnlhc2xJNWpDVGV2MHdCCkVCSjVYd2o4bWU4L3hLM011L1ZRanpJR081YkhUY1RmWE9DWmNkUVRRSTY1ZkE4eURpZFc3WlAyRG40eU1rNG0KcklqR3h1M3FqOWRheEtodnZDQU9oYnh5VFpmQ2JjaTFiV0VVNW9jaFR1N2NzQlg0TWxZbGhZcHppdHNmeW5keQpGYUw5V2pYOHVwNHk5MFB4T08zU0NsdDBsbHRmeS9OWEhDWlpqNTZjbUtwNkZjdGNsUG9pcHRUSVJxST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= diff --git a/apps/base/kafka/control-centre.yaml b/kustomize/base/confluent/control-centre.yaml similarity index 97% rename from apps/base/kafka/control-centre.yaml rename to kustomize/base/confluent/control-centre.yaml index 6c5e561..019eebc 100644 --- a/apps/base/kafka/control-centre.yaml +++ b/kustomize/base/confluent/control-centre.yaml @@ -3,7 +3,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ControlCenter metadata: name: controlcenter - namespace: confluent spec: replicas: 1 podTemplate: diff --git a/apps/base/kafka/kafka-connect.yaml b/kustomize/base/confluent/kafka-connect.yaml similarity index 98% rename from apps/base/kafka/kafka-connect.yaml rename to kustomize/base/confluent/kafka-connect.yaml index e43236b..4461f2a 100644 --- a/apps/base/kafka/kafka-connect.yaml +++ b/kustomize/base/confluent/kafka-connect.yaml @@ -3,7 +3,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: Connect metadata: name: connect - namespace: confluent spec: replicas: 1 image: diff --git a/apps/base/kafka/kafka.yaml b/kustomize/base/confluent/kafka.yaml similarity index 99% rename from apps/base/kafka/kafka.yaml rename to kustomize/base/confluent/kafka.yaml index 0eb6c0e..013f0e5 100644 --- a/apps/base/kafka/kafka.yaml +++ b/kustomize/base/confluent/kafka.yaml @@ -3,7 +3,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: Kafka metadata: name: kafka - namespace: confluent spec: replicas: 3 image: 
@@ -115,7 +114,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: KafkaRestClass metadata: name: default - namespace: confluent spec: kafkaRest: authentication: diff --git a/apps/base/kafka/ksqldb.yaml b/kustomize/base/confluent/ksqldb.yaml similarity index 97% rename from apps/base/kafka/ksqldb.yaml rename to kustomize/base/confluent/ksqldb.yaml index 3d7708e..4b8cf30 100644 --- a/apps/base/kafka/ksqldb.yaml +++ b/kustomize/base/confluent/ksqldb.yaml @@ -3,7 +3,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: KsqlDB metadata: name: ksqldb - namespace: confluent spec: replicas: 1 image: diff --git a/apps/base/kafka/kustomization.yaml b/kustomize/base/confluent/kustomization.yaml similarity index 91% rename from apps/base/kafka/kustomization.yaml rename to kustomize/base/confluent/kustomization.yaml index d54af9c..58aea4c 100644 --- a/apps/base/kafka/kustomization.yaml +++ b/kustomize/base/confluent/kustomization.yaml @@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: confluent resources: - certificates.yaml - zookeeper.yaml diff --git a/apps/base/kafka/rest-proxy.yaml b/kustomize/base/confluent/rest-proxy.yaml similarity index 99% rename from apps/base/kafka/rest-proxy.yaml rename to kustomize/base/confluent/rest-proxy.yaml index 6bae8b2..2ac0205 100644 --- a/apps/base/kafka/rest-proxy.yaml +++ b/kustomize/base/confluent/rest-proxy.yaml @@ -8,7 +8,6 @@ metadata: labels: type: rest name: rest - namespace: confluent spec: podManagementPolicy: Parallel replicas: 1 @@ -177,7 +176,6 @@ metadata: labels: type: rest name: rest - namespace: confluent spec: clusterIP: None ports: diff --git a/apps/base/kafka/schema-registry.yaml b/kustomize/base/confluent/schema-registry.yaml similarity index 97% rename from apps/base/kafka/schema-registry.yaml rename to kustomize/base/confluent/schema-registry.yaml index 3638b9b..89f7ab2 100644 --- a/apps/base/kafka/schema-registry.yaml +++ b/kustomize/base/confluent/schema-registry.yaml 
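Review bot: Dropping `namespace: confluent` from kustomize/base/confluent/kustomization.yaml, on top of removing it from every resource in this directory and from rolebindings/ldap/kustomization.yaml, leaves the base with no namespace at all, while kustomize/base/confluent-operator/kustomization.yaml still sets `namespace: confluent`. Unless an overlay or the Flux Kustomization's `targetNamespace` (neither visible here) supplies one, the TLS Secrets, the credential Secrets and the ConfluentRolebindings would be created in the applier's default namespace, apart from the operator that is meant to consume them. Either keep `namespace: confluent` in the base kustomization or add a comment such as `# namespace is set by the overlay; do not apply this base directly`.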
@@ -3,7 +3,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: SchemaRegistry metadata: name: registry - namespace: confluent spec: replicas: 1 image: diff --git a/apps/base/kafka/zookeeper.yaml b/kustomize/base/confluent/zookeeper.yaml similarity index 94% rename from apps/base/kafka/zookeeper.yaml rename to kustomize/base/confluent/zookeeper.yaml index 4fa5b6e..fbe052f 100644 --- a/apps/base/kafka/zookeeper.yaml +++ b/kustomize/base/confluent/zookeeper.yaml @@ -3,7 +3,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: Zookeeper metadata: name: zookeeper - namespace: confluent spec: replicas: 3 image: diff --git a/apps/base/kustomization.yaml b/kustomize/base/kustomization.yaml similarity index 65% rename from apps/base/kustomization.yaml rename to kustomize/base/kustomization.yaml index c449752..1244cba 100644 --- a/apps/base/kustomization.yaml +++ b/kustomize/base/kustomization.yaml @@ -1,5 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - secrets + - confluent-operator + - confluent - rolebindings - - kafka diff --git a/apps/base/rolebindings/connect/connect-base.yaml b/kustomize/base/rolebindings/connect/connect-base.yaml similarity index 93% rename from apps/base/rolebindings/connect/connect-base.yaml rename to kustomize/base/rolebindings/connect/connect-base.yaml index 9416914..0dfc382 100644 --- a/apps/base/rolebindings/connect/connect-base.yaml +++ b/kustomize/base/rolebindings/connect/connect-base.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: connect-cluster-base - namespace: confluent spec: clustersScopeByIds: connectClusterId: confluent.connect @@ -15,7 +14,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: connect-resources-base - namespace: confluent spec: principal: name: connect 
@@ -33,7 +31,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: connect-monitoring-base - namespace: confluent spec: principal: name: connect diff --git a/apps/base/rolebindings/connect/connect-groups.yaml b/kustomize/base/rolebindings/connect/connect-groups.yaml similarity index 93% rename from apps/base/rolebindings/connect/connect-groups.yaml rename to kustomize/base/rolebindings/connect/connect-groups.yaml index 5a3b584..c62b7b5 100644 --- a/apps/base/rolebindings/connect/connect-groups.yaml +++ b/kustomize/base/rolebindings/connect/connect-groups.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: connect-groups - namespace: confluent spec: principal: name: connect diff --git a/apps/base/rolebindings/connect/connect-topics.yaml b/kustomize/base/rolebindings/connect/connect-topics.yaml similarity index 96% rename from apps/base/rolebindings/connect/connect-topics.yaml rename to kustomize/base/rolebindings/connect/connect-topics.yaml index 8f5c361..316544e 100644 --- a/apps/base/rolebindings/connect/connect-topics.yaml +++ b/kustomize/base/rolebindings/connect/connect-topics.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: connect-topics - namespace: confluent spec: principal: name: connect diff --git a/apps/base/rolebindings/connect/kustomization.yaml b/kustomize/base/rolebindings/connect/kustomization.yaml similarity index 100% rename from apps/base/rolebindings/connect/kustomization.yaml rename to kustomize/base/rolebindings/connect/kustomization.yaml diff --git a/apps/base/rolebindings/controlcenter/controlcentre-base.yaml b/kustomize/base/rolebindings/controlcenter/controlcentre-base.yaml similarity index 88% rename from apps/base/rolebindings/controlcenter/controlcentre-base.yaml rename to kustomize/base/rolebindings/controlcenter/controlcentre-base.yaml index 9c25674..64a4063 100644 
--- a/apps/base/rolebindings/controlcenter/controlcentre-base.yaml +++ b/kustomize/base/rolebindings/controlcenter/controlcentre-base.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: control-centre-base - namespace: confluent spec: principal: name: ccc diff --git a/apps/base/rolebindings/controlcenter/controlcentre-clusters.yaml b/kustomize/base/rolebindings/controlcenter/controlcentre-clusters.yaml similarity index 91% rename from apps/base/rolebindings/controlcenter/controlcentre-clusters.yaml rename to kustomize/base/rolebindings/controlcenter/controlcentre-clusters.yaml index e15f003..600571f 100644 --- a/apps/base/rolebindings/controlcenter/controlcentre-clusters.yaml +++ b/kustomize/base/rolebindings/controlcenter/controlcentre-clusters.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: control-centre-cluster-registry - namespace: confluent spec: clustersScopeByIds: schemaRegistryClusterId: schema-registry @@ -15,7 +14,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: control-centre-cluster-connect - namespace: confluent spec: clustersScopeByIds: connectClusterId: confluent.connect @@ -28,7 +26,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: control-centre-cluster-ksqldb - namespace: confluent spec: clustersScopeByIds: ksqlClusterId: ksqldb-cluster diff --git a/apps/base/rolebindings/controlcenter/kustomization.yaml b/kustomize/base/rolebindings/controlcenter/kustomization.yaml similarity index 100% rename from apps/base/rolebindings/controlcenter/kustomization.yaml rename to kustomize/base/rolebindings/controlcenter/kustomization.yaml 
diff --git a/apps/base/rolebindings/ksqldb/ksqldb-base.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-base.yaml similarity index 93% rename from apps/base/rolebindings/ksqldb/ksqldb-base.yaml rename to kustomize/base/rolebindings/ksqldb/ksqldb-base.yaml index b760ec5..bc777a6 100644 --- a/apps/base/rolebindings/ksqldb/ksqldb-base.yaml +++ b/kustomize/base/rolebindings/ksqldb/ksqldb-base.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: ksqldb-cluster-base - namespace: confluent spec: clustersScopeByIds: ksqlClusterId: confluent.ksqldb_ @@ -19,7 +18,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: ksqldb-cluster-resources-base - namespace: confluent spec: principal: name: ksql diff --git a/apps/base/rolebindings/ksqldb/ksqldb-cluster.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-cluster.yaml similarity index 93% rename from apps/base/rolebindings/ksqldb/ksqldb-cluster.yaml rename to kustomize/base/rolebindings/ksqldb/ksqldb-cluster.yaml index e33328a..ce34f3f 100644 --- a/apps/base/rolebindings/ksqldb/ksqldb-cluster.yaml +++ b/kustomize/base/rolebindings/ksqldb/ksqldb-cluster.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: ksqldb-cluster - namespace: confluent spec: clustersScopeByIds: kafkaClusterId: qrGPK1LPTaa1s9d5D4V1rw diff --git a/apps/base/rolebindings/ksqldb/ksqldb-groups.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-groups.yaml similarity index 92% rename from apps/base/rolebindings/ksqldb/ksqldb-groups.yaml rename to kustomize/base/rolebindings/ksqldb/ksqldb-groups.yaml index fc8313f..04083cd 100644 --- a/apps/base/rolebindings/ksqldb/ksqldb-groups.yaml +++ b/kustomize/base/rolebindings/ksqldb/ksqldb-groups.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: ksqldb-cluster-groups - namespace: confluent spec: principal: name: ksql 
diff --git a/apps/base/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml similarity index 93% rename from apps/base/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml rename to kustomize/base/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml index 06555b4..63e70dc 100644 --- a/apps/base/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml +++ b/kustomize/base/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: ksqldb-cluster-ksqlcluster - namespace: confluent spec: clustersScopeByIds: ksqlClusterId: confluent.ksqldb_ diff --git a/apps/base/rolebindings/ksqldb/ksqldb-topics.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-topics.yaml similarity index 95% rename from apps/base/rolebindings/ksqldb/ksqldb-topics.yaml rename to kustomize/base/rolebindings/ksqldb/ksqldb-topics.yaml index 7fa9b97..0ba6994 100644 --- a/apps/base/rolebindings/ksqldb/ksqldb-topics.yaml +++ b/kustomize/base/rolebindings/ksqldb/ksqldb-topics.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: ksqldb-cluster-topics - namespace: confluent spec: principal: name: ksql diff --git a/apps/base/rolebindings/ksqldb/ksqldb-transaction.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-transaction.yaml similarity index 92% rename from apps/base/rolebindings/ksqldb/ksqldb-transaction.yaml rename to kustomize/base/rolebindings/ksqldb/ksqldb-transaction.yaml index 7bea69a..0e7910b 100644 --- a/apps/base/rolebindings/ksqldb/ksqldb-transaction.yaml +++ b/kustomize/base/rolebindings/ksqldb/ksqldb-transaction.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: ksqldb-cluster-transaction - namespace: confluent spec: principal: name: ksql 
diff --git a/apps/base/rolebindings/ksqldb/kustomization.yaml b/kustomize/base/rolebindings/ksqldb/kustomization.yaml similarity index 100% rename from apps/base/rolebindings/ksqldb/kustomization.yaml rename to kustomize/base/rolebindings/ksqldb/kustomization.yaml diff --git a/apps/base/rolebindings/kustomization.yaml b/kustomize/base/rolebindings/kustomization.yaml similarity index 100% rename from apps/base/rolebindings/kustomization.yaml rename to kustomize/base/rolebindings/kustomization.yaml diff --git a/apps/base/rolebindings/ldap/groups/kustomization.yaml b/kustomize/base/rolebindings/ldap/groups/kustomization.yaml similarity index 100% rename from apps/base/rolebindings/ldap/groups/kustomization.yaml rename to kustomize/base/rolebindings/ldap/groups/kustomization.yaml diff --git a/apps/base/rolebindings/ldap/groups/ldap-groups.yaml b/kustomize/base/rolebindings/ldap/groups/ldap-groups.yaml similarity index 92% rename from apps/base/rolebindings/ldap/groups/ldap-groups.yaml rename to kustomize/base/rolebindings/ldap/groups/ldap-groups.yaml index cc56ae0..755ce6e 100644 --- a/apps/base/rolebindings/ldap/groups/ldap-groups.yaml +++ b/kustomize/base/rolebindings/ldap/groups/ldap-groups.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: admin-groups-kafka-cluster-connect - namespace: confluent spec: clustersScopeByIds: connectClusterId: confluent.connect @@ -18,7 +17,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: admin-groups-kafka-cluster-sr - namespace: confluent spec: clustersScopeByIds: schemaRegistryClusterId: schema-registry @@ -31,7 +29,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: admin-groups-kafka-cluster-ksql - namespace: confluent spec: clustersScopeByIds: ksqlClusterId: ksqldb-cluster 
@@ -44,7 +41,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: admin-group-topics - namespace: confluent spec: principal: name: admins @@ -58,7 +54,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: admin-group-groups - namespace: confluent spec: principal: name: admins @@ -72,7 +67,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: admin-group-transactionalid - namespace: confluent spec: principal: name: admins diff --git a/apps/base/rolebindings/ldap/kustomization.yaml b/kustomize/base/rolebindings/ldap/kustomization.yaml similarity index 81% rename from apps/base/rolebindings/ldap/kustomization.yaml rename to kustomize/base/rolebindings/ldap/kustomization.yaml index f46f4bd..c860fd8 100644 --- a/apps/base/rolebindings/ldap/kustomization.yaml +++ b/kustomize/base/rolebindings/ldap/kustomization.yaml @@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: confluent resources: - groups - users \ No newline at end of file diff --git a/apps/base/rolebindings/ldap/users/kustomization.yaml b/kustomize/base/rolebindings/ldap/users/kustomization.yaml similarity index 100% rename from apps/base/rolebindings/ldap/users/kustomization.yaml rename to kustomize/base/rolebindings/ldap/users/kustomization.yaml diff --git a/apps/base/rolebindings/ldap/users/ldap-users.yaml b/kustomize/base/rolebindings/ldap/users/ldap-users.yaml similarity index 100% rename from apps/base/rolebindings/ldap/users/ldap-users.yaml rename to kustomize/base/rolebindings/ldap/users/ldap-users.yaml diff --git a/apps/base/rolebindings/schemaregistry/kustomization.yaml b/kustomize/base/rolebindings/schemaregistry/kustomization.yaml similarity index 100% rename from apps/base/rolebindings/schemaregistry/kustomization.yaml rename to kustomize/base/rolebindings/schemaregistry/kustomization.yaml 
diff --git a/apps/base/rolebindings/schemaregistry/schemaregistry-base.yaml b/kustomize/base/rolebindings/schemaregistry/schemaregistry-base.yaml similarity index 100% rename from apps/base/rolebindings/schemaregistry/schemaregistry-base.yaml rename to kustomize/base/rolebindings/schemaregistry/schemaregistry-base.yaml diff --git a/apps/base/rolebindings/schemaregistry/schemaregistry-groups.yaml b/kustomize/base/rolebindings/schemaregistry/schemaregistry-groups.yaml similarity index 100% rename from apps/base/rolebindings/schemaregistry/schemaregistry-groups.yaml rename to kustomize/base/rolebindings/schemaregistry/schemaregistry-groups.yaml diff --git a/apps/base/rolebindings/schemaregistry/schemaregistry-topics.yaml b/kustomize/base/rolebindings/schemaregistry/schemaregistry-topics.yaml similarity index 100% rename from apps/base/rolebindings/schemaregistry/schemaregistry-topics.yaml rename to kustomize/base/rolebindings/schemaregistry/schemaregistry-topics.yaml diff --git a/kustomize/base/secrets/c3-mds-client.yaml b/kustomize/base/secrets/c3-mds-client.yaml new file mode 100644 index 0000000..3d6d429 --- /dev/null +++ b/kustomize/base/secrets/c3-mds-client.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + bearer.txt: dXNlcm5hbWU9YzMKcGFzc3dvcmQ9YzMtc2VjcmV0Cg== +kind: Secret +metadata: + creationTimestamp: null + name: c3-mds-client diff --git a/kustomize/base/secrets/connect-mds-client.yaml b/kustomize/base/secrets/connect-mds-client.yaml new file mode 100644 index 0000000..3adbc0b --- /dev/null +++ b/kustomize/base/secrets/connect-mds-client.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + bearer.txt: dXNlcm5hbWU9Y29ubmVjdApwYXNzd29yZD1jb25uZWN0LXNlY3JldAo= +kind: Secret +metadata: + creationTimestamp: null + name: connect-mds-client diff --git a/kustomize/base/secrets/credential.yaml b/kustomize/base/secrets/credential.yaml new file mode 100644 index 0000000..053a4d6 --- /dev/null +++ b/kustomize/base/secrets/credential.yaml 
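Review bot: The new Secret manifests keep credentials in `data:` as plain base64, which is an encoding and not encryption, so anyone with read access to the repository or its history can recover the `bearer.txt` username/password pairs. This applies to c3-mds-client.yaml and connect-mds-client.yaml here and equally to credential.yaml (which also carries `mdsTokenKeyPair.pem` and `ldap.txt`), ksqldb-mds-client.yaml and mds-client.yaml further down. Since the cluster is reconciled by Flux, committing these files SOPS-encrypted and enabling `decryption: provider: sops` on the Flux Kustomization (or moving them to Sealed Secrets or an external secret store) keeps the GitOps flow without plaintext in git. The values already pushed should be treated as exposed and rotated. `creationTimestamp: null` is leftover generator output and can be dropped.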
@@ -0,0 +1,14 @@ +apiVersion: v1 +data: + basic.txt: YzM6IGMzLXNlY3JldCxBZG1pbmlzdHJhdG9ycwphZG1pbjogRGV2ZWxvcGVyMSxBZG1pbmlzdHJhdG9ycwphZG1pbjE6IERldmVsb3BlcjEsQWRtaW5pc3RyYXRvcnMK + digest-users.json: ewogICJrYWZrYSI6ICJrYWZrYS1zZWNyZXQiCn0K + digest.txt: dXNlcm5hbWU9ImthZmthIgpwYXNzd29yZD0ia2Fma2Etc2VjcmV0Ig== + ldap.txt: dXNlcm5hbWU9Y249bWRzLGRjPXRlc3QsZGM9Y29tCnBhc3N3b3JkPURldmVsb3BlciEK + mdsPublicKey.pem: 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 + mdsTokenKeyPair.pem: 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 + plain-users.json: ewogICJrYWZrYV9jbGllbnQiOiAia2Fma2FfY2xpZW50LXNlY3JldCIsCiAgImMzIjogImMzLXNlY3JldCIsCiAgImthZmthIjogImthZmthLXNlY3JldCIKfQ== + plain.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== +kind: Secret +metadata: + creationTimestamp: null + name: credential diff --git a/kustomize/base/secrets/ksqldb-mds-client.yaml b/kustomize/base/secrets/ksqldb-mds-client.yaml new file mode 100644 index 0000000..6a053fc --- /dev/null +++ b/kustomize/base/secrets/ksqldb-mds-client.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + bearer.txt: dXNlcm5hbWU9a3NxbApwYXNzd29yZD1rc3FsLXNlY3JldAo= +kind: Secret +metadata: + creationTimestamp: null + name: ksqldb-mds-client diff --git a/kustomize/base/secrets/kustomization.yaml b/kustomize/base/secrets/kustomization.yaml new file mode 100644 index 0000000..1ee46d9 --- /dev/null +++ b/kustomize/base/secrets/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - c3-mds-client.yaml + - connect-mds-client.yaml + - credential.yaml + - ksqldb-mds-client.yaml + - mds-client.yaml + - rest-credential.yaml + - sr-mds-client.yaml \ No newline at end of file diff --git a/kustomize/base/secrets/mds-client.yaml b/kustomize/base/secrets/mds-client.yaml new file mode 100644 index 0000000..24de26d --- /dev/null +++ b/kustomize/base/secrets/mds-client.yaml 
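Review bot: `mds-token.yaml` is missing from the `resources:` list in kustomize/base/secrets/kustomization.yaml, although this commit adds kustomize/base/secrets/mds-token.yaml and populate_secrets.sh regenerates it. As written, the `mds-token` Secret is never rendered by this kustomization. If that is deliberate because `credential` already carries `mdsPublicKey.pem` and `mdsTokenKeyPair.pem`, remove the file and the script step rather than leaving an unused private key in the tree; otherwise add `  - mds-token.yaml` after `  - mds-client.yaml`.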
@@ -0,0 +1,7 @@ +apiVersion: v1 +data: + bearer.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== +kind: Secret +metadata: + creationTimestamp: null + name: mds-client diff --git a/kustomize/base/secrets/mds-token.yaml b/kustomize/base/secrets/mds-token.yaml new file mode 100644 index 0000000..ae87e43 --- /dev/null +++ b/kustomize/base/secrets/mds-token.yaml 
@@ -0,0 +1,8 @@ +apiVersion: v1 +data: + mdsPublicKey.pem: 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 + mdsTokenKeyPair.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBd015am5QNHFmZFRLaENTNXNQYlZxaVhWeVExNXdyZVZBc0VxRXNuTUZ0Mkp0TUwxCjNFTE9RMnN6V241N1d6dTc4MmJ5RXRZRmxGM1RvVlczY2w0ZE9KUnphU0VRNnhlMTBSL2k3VG5lSXRFUWZwSnIKLzJMNGJ1YnVRUkdOZS9LckxNRTBpdnI5dTRJRWJiUlMrbHR1NkE5Z2d6R2NhRFN4Vi9leUtNTlBhZEhRL0FONApCWmlqQWVLWmNEVGp6NmJIako2RVEzWU5ncXluODQ2cmVRazlUb0habDhiR0hPaHo1Qzd5b0lmc3haZ1lIbG54CjZKR3NpVVo1UDM2V0djMzhaSUIvbTQ1bzhjdjRpZlVWUFVCMElRUTlBaFlJNVp1TXJ4RHNSUERYMkdHNkU1YlcKMnZxRFd5cVhPWTdjU29JN0Fpa0Zkd0FUVzRSdjdldUVKVXl6TndJREFRQUJBb0lCQVFDS3pJaFpoSTE0cTFIawprai93eTdNRTNGb3RkUHNjbUdlNVpQRHlONzhyRXZDSlp2WHpUVkVMTGtqNU5DZUFoZCtJbXF0WnJpUzBMRndvClFQcGhacW5veXM3UGQ1T2pmQjFUNFgzUVJTSEx0UEVIL2tlcncwZVJKOFdNcUtOUUFXTUVSRStjWXBkNmYxN0sKejlBUkZ2UWdNcm5MbVZLOW5ubXlGOHQyRnkyN3dxVVZCbVlYWC9tK25lLysyUzRQTzhac1BkM3dZMlk5UjhMVgp1ZmJIQytIMkV4QThuRTR6dGVmZzl6UHluMXdNaS9HTVVnMVdpQ1QzQjJ1M0Nac1dhWkp6Vkl0VDZ0N3FuQVpKClh6a2dOcElIbjltV3V3aDhreGdNZDZzeERSQU9ENWlQZDZhOWkwb0xTYVMzLzBMRGV6VUxDMFZoVFB5M0cyb1IKQTBBSmVPblJBb0dCQVBWMXV6MXBQSkF0ZW1yOHdMaUtoUU9lOGpBc3h0blN6VjhGcWQxMXFKWWduaWh3YWkrWQprNDRoT0ovMDIvNnd5cTQ5RmhNR21reUZXdjVkVURFUkdWN01jWFA2YkVmWTVjMVArUGRSVUFtNUg1bmVmMzd6Ck5SOWY3b2lmVjNqKzQ5dXkyVmZVUUNyL2grVCt5d3pBb2MwaVp5WUdhSTF3aktYUXIzKzFvNTV2QW9HQkFNa1UKQnEySWFJRHdvbUJnUUNLUWpDeS9BTmpRMzJ5TUFHSGYvbUUzMlJURnB1NVNaRUxlOXlyR1FyM3hIRnRROWFRTApWdjVQMDl3WmZiNElPZHAvM3d3SE1xRmpOak5kRzhzdzdSeU5TK3dmUUd1OHYxR2ZZc3N1QnVYaTl2MFhHWEZICldlbk5RRVVQYmliUmJvY0o5Mk9KVEpLNFAvczV2djEzMkhEUi9wdTVBb0dCQUorWThTbTQ1endIbGZWQ2FqeVQKTkhGcVE2YTNOb1FpNEkzTUxPcGx1andDOFZMeDVOa1ZwN3RlTm1jcTJtLzdtNDAzQXNkVUg3ZHBiZ1M5djRwbgp4OHN2dXdUaDZzMjhaWTdkVk0vWit1U1hqY2lLTnZQZ1JzWWpwZ0VIT2VUZU5tRi9KSHBLODM0QnIrWmhGTDB4Cjh3SmlRQmNsUzQzTGhHZThES0JKQmgzWkFvR0FONWJIdWRYS1BrdElPS2lqVW1ydnRiY2dQdENQMCt4b2RxWjgKSnRoUHRVUm5QOStiUkRscnozRjhKaEt3S2phWmtqNW9VR28xUWRYeVEwVDI2WWNNWE1Eb3FHRkxMS3dDOFF1WApv
WnNXY0RLN2xvMVp2dkQzV1FCaWU4OWhSTnJMOTlzbjZsRUtBWTJnZ0M3S0JaOGx1MmpMdUl3amRBcWsyR0gzCmZra3Z3RkVDZ1lBeVhqNXo2Q09QSURKMUUxVkxySml3MVlCWGFhN1pMazVFcHczUXZDTTdoVEtTRmJ1U053c3AKRXVMbU03Zzh3TVBaQWJ6cy9SUU9hZjlJaEUveDUzZE8ySW1rNVBBUmFvRXNTRmpORDRkcFZIYUtlbTJjQm9tdAp4NXEwU3FVVnE2eHY0MjIxM2dsQlFNREo0cVFYVHJzRUJkcE55bnY3b1ZlWFh3Y2FPVFVhQnc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ== +kind: Secret +metadata: + creationTimestamp: null + name: mds-token diff --git a/kustomize/base/secrets/rest-credential.yaml b/kustomize/base/secrets/rest-credential.yaml new file mode 100644 index 0000000..f7901ac --- /dev/null +++ b/kustomize/base/secrets/rest-credential.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + basic.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== + bearer.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== + plain.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== +kind: Secret +metadata: + creationTimestamp: null + name: rest-credential diff --git a/kustomize/base/secrets/sr-mds-client.yaml b/kustomize/base/secrets/sr-mds-client.yaml new file mode 100644 index 0000000..fb57182 --- /dev/null +++ b/kustomize/base/secrets/sr-mds-client.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + bearer.txt: dXNlcm5hbWU9c3IKcGFzc3dvcmQ9c3Itc2VjcmV0Cg== +kind: Secret +metadata: + creationTimestamp: null + name: sr-mds-client diff --git a/apps/base/topics/foobar.yaml b/kustomize/base/topics/foobar.yaml similarity index 84% rename from apps/base/topics/foobar.yaml rename to kustomize/base/topics/foobar.yaml index 4fbb598..b1a752d 100644 --- a/apps/base/topics/foobar.yaml +++ b/kustomize/base/topics/foobar.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: KafkaTopic metadata: name: foobar - namespace: confluent spec: replicas: 1 partitionCount: 12 
diff --git a/apps/base/topics/topic2.yaml b/kustomize/base/topics/topic2.yaml similarity index 85% rename from apps/base/topics/topic2.yaml rename to kustomize/base/topics/topic2.yaml index c25a3ba..782dd6d 100644 --- a/apps/base/topics/topic2.yaml +++ b/kustomize/base/topics/topic2.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: KafkaTopic metadata: name: topic-rbac - namespace: operator spec: replicas: 1 partitionCount: 12 \ No newline at end of file diff --git a/kustomize/environments/dev/kustomization.yaml b/kustomize/environments/dev/kustomization.yaml new file mode 100644 index 0000000..445fe96 --- /dev/null +++ b/kustomize/environments/dev/kustomization.yaml @@ -0,0 +1,5 @@ +resources: +- namespace.yaml +- ../../base +namePrefix: dev- +namespace: dev diff --git a/infrastructure/confluent/namespace.yaml b/kustomize/environments/dev/namespace.yaml similarity index 70% rename from infrastructure/confluent/namespace.yaml rename to kustomize/environments/dev/namespace.yaml index 3ac163a..e3472ba 100644 --- a/infrastructure/confluent/namespace.yaml +++ b/kustomize/environments/dev/namespace.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: confluent \ No newline at end of file + name: dev \ No newline at end of file diff --git a/kustomize/environments/kustomization.yaml b/kustomize/environments/kustomization.yaml new file mode 100644 index 0000000..88bc450 --- /dev/null +++ b/kustomize/environments/kustomization.yaml @@ -0,0 +1,4 @@ +resources: +- dev +- staging +- production diff --git a/kustomize/environments/production/kustomization.yaml b/kustomize/environments/production/kustomization.yaml new file mode 100644 index 0000000..177fa1d --- /dev/null +++ b/kustomize/environments/production/kustomization.yaml @@ -0,0 +1,5 @@ +resources: +- namespace.yaml +- ../../base +namePrefix: prod- +namespace: production 
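Review bot: The dev overlay in kustomize/environments/dev/kustomization.yaml pulls `../../base` unchanged, and the production and staging overlays added in this patch do the same. If base includes the `secrets` directory from this commit (base/kustomization.yaml is not visible here), all three namespaces receive identical passwords and the same MDS token key pair, so a credential read in dev is also valid in production. Keep Secret manifests out of base and give each overlay its own source, e.g. a `- secrets` entry under `resources:` that points at per-environment encrypted files.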
diff --git a/kustomize/environments/production/namespace.yaml b/kustomize/environments/production/namespace.yaml new file mode 100644 index 0000000..9b8854c --- /dev/null +++ b/kustomize/environments/production/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: production \ No newline at end of file diff --git a/kustomize/environments/staging/kustomization.yaml b/kustomize/environments/staging/kustomization.yaml new file mode 100644 index 0000000..58fd280 --- /dev/null +++ b/kustomize/environments/staging/kustomization.yaml @@ -0,0 +1,5 @@ +resources: +- namespace.yaml +- ../../base +namePrefix: staging- +namespace: staging diff --git a/kustomize/environments/staging/namespace.yaml b/kustomize/environments/staging/namespace.yaml new file mode 100644 index 0000000..c6212de --- /dev/null +++ b/kustomize/environments/staging/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: staging \ No newline at end of file diff --git a/kustomize/kustomization.yaml b/kustomize/kustomization.yaml new file mode 100644 index 0000000..6d22db6 --- /dev/null +++ b/kustomize/kustomization.yaml @@ -0,0 +1,4 @@ +resources: + - environments + - shared +namePrefix: cluster-a- diff --git a/infrastructure/kustomization.yaml b/kustomize/shared/kustomization.yaml similarity index 76% rename from infrastructure/kustomization.yaml rename to kustomize/shared/kustomization.yaml index e02d4bd..e9ae671 100644 --- a/infrastructure/kustomization.yaml +++ b/kustomize/shared/kustomization.yaml @@ -1,6 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - sources - - confluent - tools \ No newline at end of file diff --git a/infrastructure/tools/kustomization.yaml b/kustomize/shared/tools/kustomization.yaml similarity index 100% rename from infrastructure/tools/kustomization.yaml rename to kustomize/shared/tools/kustomization.yaml 
diff --git a/infrastructure/tools/ldap.yaml b/kustomize/shared/tools/ldap.yaml
similarity index 100%
rename from infrastructure/tools/ldap.yaml
rename to kustomize/shared/tools/ldap.yaml
diff --git a/infrastructure/tools/namespace.yaml b/kustomize/shared/tools/namespace.yaml
similarity index 100%
rename from infrastructure/tools/namespace.yaml
rename to kustomize/shared/tools/namespace.yaml
diff --git a/infrastructure/tools/proxy.yaml b/kustomize/shared/tools/proxy.yaml
similarity index 100%
rename from infrastructure/tools/proxy.yaml
rename to kustomize/shared/tools/proxy.yaml
diff --git a/resources/c3-mds-client.yaml b/resources/c3-mds-client.yaml
new file mode 100644
index 0000000..3d6d429
--- /dev/null
+++ b/resources/c3-mds-client.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+ bearer.txt: dXNlcm5hbWU9YzMKcGFzc3dvcmQ9YzMtc2VjcmV0Cg==
+kind: Secret
+metadata:
+ creationTimestamp: null
+ name: c3-mds-client
diff --git a/resources/connect-mds-client.yaml b/resources/connect-mds-client.yaml
new file mode 100644
index 0000000..3adbc0b
--- /dev/null
+++ b/resources/connect-mds-client.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+ bearer.txt: dXNlcm5hbWU9Y29ubmVjdApwYXNzd29yZD1jb25uZWN0LXNlY3JldAo=
+kind: Secret
+metadata:
+ creationTimestamp: null
+ name: connect-mds-client
diff --git a/resources/ksqldb-client.yaml b/resources/ksqldb-client.yaml
new file mode 100644
index 0000000..6a053fc
--- /dev/null
+++ b/resources/ksqldb-client.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+ bearer.txt: dXNlcm5hbWU9a3NxbApwYXNzd29yZD1rc3FsLXNlY3JldAo=
+kind: Secret
+metadata:
+ creationTimestamp: null
+ name: ksqldb-mds-client
diff --git a/resources/mds-client.yaml b/resources/mds-client.yaml
new file mode 100644
index 0000000..24de26d
--- /dev/null
+++ b/resources/mds-client.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+ bearer.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg==
+kind: Secret
+metadata:
+ creationTimestamp: null
+ name: mds-client
diff --git a/resources/mds-token.yaml b/resources/mds-token.yaml new file mode 100644 index 0000000..ae87e43 --- /dev/null +++ b/resources/mds-token.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + mdsPublicKey.pem: 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 + mdsTokenKeyPair.pem: 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 +kind: Secret +metadata: + creationTimestamp: null + name: mds-token diff --git a/resources/populate_secrets.sh b/resources/populate_secrets.sh index b274d1d..ca411b6 100755 --- a/resources/populate_secrets.sh +++ b/resources/populate_secrets.sh @@ -1,5 +1,5 @@ #!/bin/bash -kubectl create secret -n confluent generic credential \ +kubectl create secret generic credential \ --from-file=plain-users.json=./users/creds-kafka-sasl-users.json \ --from-file=digest-users.json=./users/creds-zookeeper-sasl-digest-users.json \ --from-file=digest.txt=./users/creds-kafka-zookeeper-credentials.txt \ 
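Review bot: resources/populate_secrets.sh has no fail-fast setting and resolves its paths against the caller's working directory, which matters now that every `kubectl create secret` command ends in a redirect to `../kustomize/base/secrets/*.yaml` (the redirects are in the following hunk; the first command starts here and continues past this hunk). The shell truncates the target before kubectl runs, so a missing input file or a kubectl error leaves an empty or partial Secret manifest that can then be committed and reconciled. Add `set -euo pipefail` and `cd "$(dirname "$0")"` directly after the shebang so a failed step stops the script and the relative paths always resolve from resources/.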
@@ -7,28 +7,37 @@ kubectl create secret -n confluent generic credential \ --from-file=basic.txt=./users/creds-control-center-users.txt \ --from-file=ldap.txt=./users/ldap.txt \ --from-file=mdsPublicKey.pem=./certs/mds-publickey.txt \ ---from-file=mdsTokenKeyPair.pem=./certs/mds-tokenkeypair.txt -kubectl create secret -n confluent generic mds-token \ +--from-file=mdsTokenKeyPair.pem=./certs/mds-tokenkeypair.txt \ +--dry-run=client --output=yaml > ../kustomize/base/secrets/credential.yaml + +kubectl create secret generic mds-token \ --from-file=mdsPublicKey.pem=./certs/mds-publickey.txt \ ---from-file=mdsTokenKeyPair.pem=./certs/mds-tokenkeypair.txt +--from-file=mdsTokenKeyPair.pem=./certs/mds-tokenkeypair.txt \ +--dry-run=client --output=yaml > ../kustomize/base/secrets/mds-token.yaml # Kafka RBAC credential -kubectl create secret -n confluent generic mds-client \ ---from-file=bearer.txt=./users/bearer.txt +kubectl create secret generic mds-client \ +--from-file=bearer.txt=./users/bearer.txt \ +--dry-run=client --output=yaml > ../kustomize/base/secrets/mds-client.yaml # Control Center RBAC credential -kubectl create secret -n confluent generic c3-mds-client \ ---from-file=bearer.txt=./users/c3-mds-client.txt +kubectl create secret generic c3-mds-client \ +--from-file=bearer.txt=./users/c3-mds-client.txt \ +--dry-run=client --output=yaml > ../kustomize/base/secrets/c3-mds-client.yaml # Connect RBAC credential -kubectl create secret -n confluent generic connect-mds-client \ ---from-file=bearer.txt=./users/connect-mds-client.txt +kubectl create secret generic connect-mds-client \ +--from-file=bearer.txt=./users/connect-mds-client.txt \ +--dry-run=client --output=yaml > ../kustomize/base/secrets/connect-mds-client.yaml # Schema Registry RBAC credential -kubectl create secret -n confluent generic sr-mds-client \ ---from-file=bearer.txt=./users/sr-mds-client.txt +kubectl create secret generic sr-mds-client \ +--from-file=bearer.txt=./users/sr-mds-client.txt \ 
+--dry-run=client --output=yaml > ../kustomize/base/secrets/sr-mds-client.yaml # ksqlDB RBAC credential -kubectl create secret -n confluent generic ksqldb-mds-client \ ---from-file=bearer.txt=./users/ksqldb-mds-client.txt +kubectl create secret generic ksqldb-mds-client \ +--from-file=bearer.txt=./users/ksqldb-mds-client.txt \ +--dry-run=client --output=yaml > ../kustomize/base/secrets/ksqldb-mds-client.yaml # Kafka REST credential -kubectl create secret -n confluent generic rest-credential \ +kubectl create secret generic rest-credential \ --from-file=bearer.txt=./users/bearer.txt \ --from-file=basic.txt=./users/bearer.txt \ ---from-file=plain.txt=./users/bearer.txt \ No newline at end of file +--from-file=plain.txt=./users/bearer.txt \ +--dry-run=client --output=yaml > ../kustomize/base/secrets/rest-credential.yaml \ No newline at end of file diff --git a/resources/rest-credential.yaml b/resources/rest-credential.yaml new file mode 100644 index 0000000..f7901ac --- /dev/null +++ b/resources/rest-credential.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + basic.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== + bearer.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== + plain.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== +kind: Secret +metadata: + creationTimestamp: null + name: rest-credential diff --git a/resources/sr-mds-client.yaml b/resources/sr-mds-client.yaml new file mode 100644 index 0000000..fb57182 --- /dev/null +++ b/resources/sr-mds-client.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + bearer.txt: dXNlcm5hbWU9c3IKcGFzc3dvcmQ9c3Itc2VjcmV0Cg== +kind: Secret +metadata: + creationTimestamp: null + name: sr-mds-client From dc2a4c195d5e14e87f3cf9c8b2c63194a7eeb99f Mon Sep 17 00:00:00 2001 
From: Flux <> Date: Tue, 18 May 2021 12:43:17 +0100 Subject: [PATCH 11/46] Add Flux v0.13.2 component manifests --- kustomize/flux-system/gotk-components.yaml | 2831 ++++++++++++++++++++ 1 file changed, 2831 insertions(+) create mode 100644 kustomize/flux-system/gotk-components.yaml diff --git a/kustomize/flux-system/gotk-components.yaml b/kustomize/flux-system/gotk-components.yaml new file mode 100644 index 0000000..376dba2 --- /dev/null +++ b/kustomize/flux-system/gotk-components.yaml 
@@ -0,0 +1,2831 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: flux-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: alerts.notification.toolkit.fluxcd.io +spec: + group: notification.toolkit.fluxcd.io + names: + kind: Alert + listKind: AlertList + plural: alerts + singular: alert + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Alert is the Schema for the alerts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AlertSpec defines an alerting rule for events involving a list of objects + properties: + eventSeverity: + default: info + description: Filter events based on severity, defaults to ('info'). If set to 'info' no events will be filtered. + enum: + - info + - error + type: string + eventSources: + description: Filter events based on the involved objects. + items: + description: CrossNamespaceObjectReference contains enough information to let you locate the typed referenced object at cluster level + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - Bucket + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + - ImageRepository + - ImagePolicy + - ImageUpdateAutomation + type: string + name: + description: Name of the referent + maxLength: 53 + minLength: 1 + type: string + namespace: + description: Namespace of the referent + maxLength: 53 + minLength: 1 + type: string + required: + - name + type: object + type: array + exclusionList: + description: A list of Golang regular expressions to be used for excluding messages. + items: + type: string + type: array + providerRef: + description: Send events using this provider. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + summary: + description: Short description of the impact and affected cluster. + type: string + suspend: + description: This flag tells the controller to suspend subsequent events dispatching. Defaults to false. 
+ type: boolean + required: + - eventSources + - providerRef + type: object + status: + description: AlertStatus defines the observed state of Alert + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. 
This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: buckets.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: Bucket + listKind: BucketList + plural: buckets + singular: bucket + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: 
date + name: v1beta1 + schema: + openAPIV3Schema: + description: Bucket is the Schema for the buckets API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BucketSpec defines the desired state of an S3 compatible bucket + properties: + bucketName: + description: The bucket name. + type: string + endpoint: + description: The bucket endpoint address. + type: string + ignore: + description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are. + type: string + insecure: + description: Insecure allows connecting to a non-TLS S3 HTTP endpoint. + type: boolean + interval: + description: The interval at which to check for bucket updates. + type: string + provider: + default: generic + description: The S3 compatible storage provider name, default ('generic'). + enum: + - generic + - aws + type: string + region: + description: The bucket region. + type: string + secretRef: + description: The name of the secret containing authentication credentials for the Bucket. 
+ properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation of this source. + type: boolean + timeout: + default: 20s + description: The timeout for download operations, defaults to 20s. + type: string + required: + - bucketName + - endpoint + - interval + type: object + status: + description: BucketStatus defines the observed state of a bucket + properties: + artifact: + description: Artifact represents the output of the last successful Bucket sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the Bucket. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. 
// Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
--- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the artifact output of the last Bucket sync. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: gitrepositories.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: GitRepository + listKind: GitRepositoryList + plural: gitrepositories + shortNames: + - gitrepo + singular: gitrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: 
v1beta1 + schema: + openAPIV3Schema: + description: GitRepository is the Schema for the gitrepositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GitRepositorySpec defines the desired state of a Git repository. + properties: + gitImplementation: + default: go-git + description: Determines which git client library to use. Defaults to go-git, valid values are ('go-git', 'libgit2'). + enum: + - go-git + - libgit2 + type: string + ignore: + description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are. + type: string + interval: + description: The interval at which to check for repository updates. + type: string + recurseSubmodules: + description: When enabled, after the clone is created, initializes all submodules within, using their default settings. This option is available only when using the 'go-git' GitImplementation. + type: boolean + ref: + description: The Git reference to checkout and monitor for changes, defaults to master branch. + properties: + branch: + default: master + description: The Git branch to checkout, defaults to master. 
+ type: string + commit: + description: The Git commit SHA to checkout, if specified Tag filters will be ignored. + type: string + semver: + description: The Git tag semver expression, takes precedence over Tag. + type: string + tag: + description: The Git tag to checkout, takes precedence over Branch. + type: string + type: object + secretRef: + description: The secret name containing the Git credentials. For HTTPS repositories the secret must contain username and password fields. For SSH repositories the secret must contain identity, identity.pub and known_hosts fields. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation of this source. + type: boolean + timeout: + default: 20s + description: The timeout for remote Git operations like cloning, defaults to 20s. + type: string + url: + description: The repository URL, can be a HTTP/S or SSH address. + pattern: ^(http|https|ssh):// + type: string + verify: + description: Verify OpenPGP signature for the Git commit HEAD points to. + properties: + mode: + description: Mode describes what git object should be verified, currently ('head'). + enum: + - head + type: string + secretRef: + description: The secret name containing the public keys of all trusted Git authors. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + required: + - mode + type: object + required: + - interval + - url + type: object + status: + description: GitRepositoryStatus defines the observed state of a Git repository. + properties: + artifact: + description: Artifact represents the output of the last successful repository sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. 
+ format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the GitRepository. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the artifact output of the last repository sync. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: helmcharts.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: HelmChart + listKind: HelmChartList + plural: helmcharts + shortNames: + - hc + singular: helmchart + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.chart + name: Chart + type: string + - jsonPath: .spec.version + name: Version + type: string + - jsonPath: .spec.sourceRef.kind + name: Source Kind + type: string + - jsonPath: .spec.sourceRef.name + name: Source Name + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: HelmChart is the Schema for the helmcharts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmChartSpec defines the desired state of a Helm chart. + properties: + chart: + description: The name or path the Helm chart is available at in the SourceRef. + type: string + interval: + description: The interval at which to check the Source for updates. + type: string + sourceRef: + description: The reference to the Source the chart is available at. + properties: + apiVersion: + description: APIVersion of the referent. + type: string + kind: + description: Kind of the referent, valid values are ('HelmRepository', 'GitRepository', 'Bucket'). + enum: + - HelmRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + type: string + required: + - kind + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation of this source. + type: boolean + valuesFile: + description: Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Deprecated in favor of ValuesFiles, for backwards compatibility the file defined here is merged before the ValuesFiles items. Ignored when omitted. + type: string + valuesFiles: + description: Alternative list of values files to use as the chart values (values.yaml is not included by default), expected to be a relative path in the SourceRef. Values files are merged in the order of this list with the last file overriding the first. Ignored when omitted. + items: + type: string + type: array + version: + default: '*' + description: The chart version semver expression, ignored for charts from GitRepository and Bucket sources. Defaults to latest when omitted. + type: string + required: + - chart + - interval + - sourceRef + type: object + status: + description: HelmChartStatus defines the observed state of the HelmChart. 
+ properties: + artifact: + description: Artifact represents the output of the last successful chart sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the HelmChart. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the last chart pulled. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: helmreleases.helm.toolkit.fluxcd.io +spec: + group: helm.toolkit.fluxcd.io + names: + kind: HelmRelease + listKind: HelmReleaseList + plural: helmreleases + shortNames: + - hr + singular: helmrelease + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2beta1 + schema: + openAPIV3Schema: + description: HelmRelease is the Schema for the helmreleases API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmReleaseSpec defines the desired state of a Helm release. 
+ properties: + chart: + description: Chart defines the template of the v1beta1.HelmChart that should be created for this HelmRelease. + properties: + spec: + description: Spec holds the template for the v1beta1.HelmChartSpec for this HelmRelease. + properties: + chart: + description: The name or path the Helm chart is available at in the SourceRef. + type: string + interval: + description: Interval at which to check the v1beta1.Source for updates. Defaults to 'HelmReleaseSpec.Interval'. + type: string + sourceRef: + description: The name and namespace of the v1beta1.Source the chart is available at. + properties: + apiVersion: + description: APIVersion of the referent. + type: string + kind: + description: Kind of the referent. + enum: + - HelmRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: Namespace of the referent. + maxLength: 63 + minLength: 1 + type: string + required: + - name + type: object + valuesFile: + description: Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Deprecated in favor of ValuesFiles, for backwards compatibility the file defined here is merged before the ValuesFiles items. Ignored when omitted. + type: string + valuesFiles: + description: Alternative list of values files to use as the chart values (values.yaml is not included by default), expected to be a relative path in the SourceRef. Values files are merged in the order of this list with the last file overriding the first. Ignored when omitted. + items: + type: string + type: array + version: + default: '*' + description: Version semver expression, ignored for charts from v1beta1.GitRepository and v1beta1.Bucket sources. Defaults to latest when omitted. 
+ type: string + required: + - chart + - sourceRef + type: object + required: + - spec + type: object + dependsOn: + description: DependsOn may contain a dependency.CrossNamespaceDependencyReference slice with references to HelmRelease resources that must be ready before this HelmRelease can be reconciled. + items: + description: CrossNamespaceDependencyReference holds the reference to a dependency. + properties: + name: + description: Name holds the name reference of a dependency. + type: string + namespace: + description: Namespace holds the namespace reference of a dependency. + type: string + required: + - name + type: object + type: array + install: + description: Install holds the configuration for Helm install actions for this HelmRelease. + properties: + crds: + description: "CRDs upgrade CRDs from the Helm Chart's crds directory according to the CRD upgrade policy provided here. Valid values are `Skip`, `Create` or `CreateReplace`. Default is `Create` and if omitted CRDs are installed but not updated. \n Skip: do neither install nor replace (update) any CRDs. \n Create: new CRDs are created, existing CRDs are neither updated nor deleted. \n CreateReplace: new CRDs are created, existing CRDs are updated (replaced) but not deleted. \n By default, CRDs are applied (installed) during Helm install action. With this option users can opt-in to CRD replace existing CRDs on Helm install actions, which is not (yet) natively supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions." + enum: + - Skip + - Create + - CreateReplace + type: string + createNamespace: + description: CreateNamespace tells the Helm install action to create the HelmReleaseSpec.TargetNamespace if it does not exist yet. On uninstall, the namespace will not be garbage collected. + type: boolean + disableHooks: + description: DisableHooks prevents hooks from running during the Helm install action. 
+ type: boolean + disableOpenAPIValidation: + description: DisableOpenAPIValidation prevents the Helm install action from validating rendered templates against the Kubernetes OpenAPI Schema. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to be ready after a Helm install has been performed. + type: boolean + remediation: + description: Remediation holds the remediation configuration for when the Helm install action for the HelmRelease fails. The default is to not perform any action. + properties: + ignoreTestFailures: + description: IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an install action but fail. Defaults to 'Test.IgnoreFailures'. + type: boolean + remediateLastFailure: + description: RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false'. + type: boolean + retries: + description: Retries is the number of retries that should be attempted on failures before bailing. Remediation, using an uninstall, is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries. + type: integer + type: object + replace: + description: Replace tells the Helm install action to re-use the 'ReleaseName', but only if that name is a deleted release which remains in the history. + type: boolean + skipCRDs: + description: "SkipCRDs tells the Helm install action to not install any CRDs. By default, CRDs are installed if not already present. \n Deprecated use CRD policy (`crds`) attribute with value `Skip` instead." + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + interval: + description: Interval at which to reconcile the Helm release. 
+ type: string + kubeConfig: + description: KubeConfig for reconciling the HelmRelease on a remote cluster. When specified, KubeConfig takes precedence over ServiceAccountName. + properties: + secretRef: + description: SecretRef holds the name to a secret that contains a 'value' key with the kubeconfig file as the value. It must be in the same namespace as the HelmRelease. It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific `cmd-path` auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling the HelmRelease. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + type: object + maxHistory: + description: MaxHistory is the number of revisions saved by Helm for this HelmRelease. Use '0' for an unlimited number of revisions; defaults to '10'. + type: integer + postRenderers: + description: PostRenderers holds an array of Helm PostRenderers, which will be applied in order of their definition. + items: + description: PostRenderer contains a Helm PostRenderer specification. + properties: + kustomize: + description: Kustomization to apply as PostRenderer. + properties: + images: + description: Images is a list of (image name, new name, new tag or digest) for changing image names, tags or digests. This can also be achieved with a patch, but this operator is simpler to specify. + items: + description: Image contains an image name, a new name, a new tag or digest, which will replace the original name and tag. + properties: + digest: + description: Digest is the value used to replace the original image tag. If digest is present NewTag value is ignored. + type: string + name: + description: Name is a tag-less image name. + type: string + newName: + description: NewName is the value used to replace the original name. 
+ type: string + newTag: + description: NewTag is the value used to replace the original tag. + type: string + required: + - name + type: object + type: array + patchesJson6902: + description: JSON 6902 patches, defined as inline YAML objects. + items: + description: JSON6902Patch contains a JSON6902 patch and the target the patch should be applied to. + properties: + patch: + description: Patch contains the JSON6902 patch document with an array of operation objects. + items: + description: JSON6902 is a JSON6902 operation object. https://tools.ietf.org/html/rfc6902#section-4 + properties: + from: + type: string + op: + enum: + - test + - remove + - add + - replace + - move + - copy + type: string + path: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + target: + description: Target points to the resources that the patch document should be applied to. + properties: + annotationSelector: + description: AnnotationSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations. + type: string + group: + description: Group is the API group to select resources from. Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources from. Together with Group and Version it is capable of unambiguously identifying and/or selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: Version of the API Group to select resources from. Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + - target + type: object + type: array + patchesStrategicMerge: + description: Strategic merge patches, defined as inline YAML objects. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + type: object + type: object + type: array + releaseName: + description: ReleaseName used for the Helm release. Defaults to a composition of '[TargetNamespace-]Name'. + maxLength: 53 + minLength: 1 + type: string + rollback: + description: Rollback holds the configuration for Helm rollback actions for this HelmRelease. + properties: + cleanupOnFail: + description: CleanupOnFail allows deletion of new resources created during the Helm rollback action when it fails. + type: boolean + disableHooks: + description: DisableHooks prevents hooks from running during the Helm rollback action. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to be ready after a Helm rollback has been performed. + type: boolean + force: + description: Force forces resource updates through a replacement strategy. + type: boolean + recreate: + description: Recreate performs pod restarts for the resource if applicable. 
+ type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + serviceAccountName: + description: The name of the Kubernetes service account to impersonate when reconciling this HelmRelease. + type: string + storageNamespace: + description: StorageNamespace used for the Helm storage. Defaults to the namespace of the HelmRelease. + maxLength: 63 + minLength: 1 + type: string + suspend: + description: Suspend tells the controller to suspend reconciliation for this HelmRelease, it does not apply to already started reconciliations. Defaults to false. + type: boolean + targetNamespace: + description: TargetNamespace to target when performing operations for the HelmRelease. Defaults to the namespace of the HelmRelease. + maxLength: 63 + minLength: 1 + type: string + test: + description: Test holds the configuration for Helm test actions for this HelmRelease. + properties: + enable: + description: Enable enables Helm test actions for this HelmRelease after an Helm install or upgrade action has been performed. + type: boolean + ignoreFailures: + description: IgnoreFailures tells the controller to skip remediation when the Helm tests are run but fail. Can be overwritten for tests run after install or upgrade actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation during the performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm action. Defaults to '5m0s'. 
+ type: string + uninstall: + description: Uninstall holds the configuration for Helm uninstall actions for this HelmRelease. + properties: + disableHooks: + description: DisableHooks prevents hooks from running during the Helm rollback action. + type: boolean + keepHistory: + description: KeepHistory tells Helm to remove all associated resources and mark the release as deleted, but retain the release history. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + upgrade: + description: Upgrade holds the configuration for Helm upgrade actions for this HelmRelease. + properties: + cleanupOnFail: + description: CleanupOnFail allows deletion of new resources created during the Helm upgrade action when it fails. + type: boolean + crds: + description: "CRDs upgrade CRDs from the Helm Chart's crds directory according to the CRD upgrade policy provided here. Valid values are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and if omitted CRDs are neither installed nor upgraded. \n Skip: do neither install nor replace (update) any CRDs. \n Create: new CRDs are created, existing CRDs are neither updated nor deleted. \n CreateReplace: new CRDs are created, existing CRDs are updated (replaced) but not deleted. \n By default, CRDs are not applied during Helm upgrade action. With this option users can opt-in to CRD upgrade, which is not (yet) natively supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions." + enum: + - Skip + - Create + - CreateReplace + type: string + disableHooks: + description: DisableHooks prevents hooks from running during the Helm upgrade action. 
+ type: boolean + disableOpenAPIValidation: + description: DisableOpenAPIValidation prevents the Helm upgrade action from validating rendered templates against the Kubernetes OpenAPI Schema. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to be ready after a Helm upgrade has been performed. + type: boolean + force: + description: Force forces resource updates through a replacement strategy. + type: boolean + preserveValues: + description: PreserveValues will make Helm reuse the last release's values and merge in overrides from 'Values'. Setting this flag makes the HelmRelease non-declarative. + type: boolean + remediation: + description: Remediation holds the remediation configuration for when the Helm upgrade action for the HelmRelease fails. The default is to not perform any action. + properties: + ignoreTestFailures: + description: IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an upgrade action but fail. Defaults to 'Test.IgnoreFailures'. + type: boolean + remediateLastFailure: + description: RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false' unless 'Retries' is greater than 0. + type: boolean + retries: + description: Retries is the number of retries that should be attempted on failures before bailing. Remediation, using 'Strategy', is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries. + type: integer + strategy: + description: Strategy to use for failure remediation. Defaults to 'rollback'. + enum: + - rollback + - uninstall + type: string + type: object + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + values: + description: Values holds the values for this Helm release. 
+ x-kubernetes-preserve-unknown-fields: true + valuesFrom: + description: ValuesFrom holds references to resources containing Helm values for this HelmRelease, and information about how they should be merged. + items: + description: ValuesReference contains a reference to a resource containing Helm values, and optionally the key they can be found at. + properties: + kind: + description: Kind of the values referent, valid values are ('Secret', 'ConfigMap'). + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the values referent. Should reside in the same namespace as the referring resource. + maxLength: 253 + minLength: 1 + type: string + optional: + description: Optional marks this ValuesReference as optional. When set, a not found error for the values reference is ignored, but any ValuesKey, TargetPath or transient error will still result in a reconciliation failure. + type: boolean + targetPath: + description: TargetPath is the YAML dot notation path the value should be merged at. When set, the ValuesKey is expected to be a single flat value. Defaults to 'None', which results in the values getting merged at the root. + type: string + valuesKey: + description: ValuesKey is the data key where the values.yaml or a specific value can be found at. Defaults to 'values.yaml'. + type: string + required: + - kind + - name + type: object + type: array + required: + - chart + - interval + type: object + status: + description: HelmReleaseStatus defines the observed state of a HelmRelease. + properties: + conditions: + description: Conditions holds the conditions for the HelmRelease. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. 
// Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
--- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + failures: + description: Failures is the reconciliation failure count against the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + helmChart: + description: HelmChart is the namespaced name of the HelmChart resource created by the controller for the HelmRelease. + type: string + installFailures: + description: InstallFailures is the install failure count against the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + lastAppliedRevision: + description: LastAppliedRevision is the revision of the last successfully applied source. + type: string + lastAttemptedRevision: + description: LastAttemptedRevision is the revision of the last reconciliation attempt. + type: string + lastAttemptedValuesChecksum: + description: LastAttemptedValuesChecksum is the SHA1 checksum of the values of the last reconciliation attempt. + type: string + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. + type: string + lastReleaseRevision: + description: LastReleaseRevision is the revision of the last successful Helm release. + type: integer + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + upgradeFailures: + description: UpgradeFailures is the upgrade failure count against the latest desired state. 
It is reset after a successful reconciliation. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: helmrepositories.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: HelmRepository + listKind: HelmRepositoryList + plural: helmrepositories + shortNames: + - helmrepo + singular: helmrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: HelmRepository is the Schema for the helmrepositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmRepositorySpec defines the reference to a Helm repository. + properties: + interval: + description: The interval at which to check the upstream for updates. + type: string + secretRef: + description: The name of the secret containing authentication credentials for the Helm repository. For HTTP/S basic auth the secret must contain username and password fields. For TLS the secret must contain a certFile and keyFile, and/or caCert fields. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation of this source. + type: boolean + timeout: + default: 60s + description: The timeout of index downloading, defaults to 60s. + type: string + url: + description: The Helm repository URL, a valid URL contains at least a protocol and host. + type: string + required: + - interval + - url + type: object + status: + description: HelmRepositoryStatus defines the observed state of the HelmRepository. + properties: + artifact: + description: Artifact represents the output of the last successful repository sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. 
+ type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the HelmRepository. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. 
+ maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the last index fetched. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: kustomizations.kustomize.toolkit.fluxcd.io +spec: + group: kustomize.toolkit.fluxcd.io + names: + kind: Kustomization + listKind: KustomizationList + plural: kustomizations + shortNames: + - ks + singular: kustomization + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Kustomization is the Schema for the kustomizations API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KustomizationSpec defines the desired state of a kustomization. 
+ properties: + decryption: + description: Decrypt Kubernetes secrets before applying them on the cluster. + properties: + provider: + description: Provider is the name of the decryption engine. + enum: + - sops + type: string + secretRef: + description: The secret name containing the private OpenPGP keys used for decryption. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + required: + - provider + type: object + dependsOn: + description: DependsOn may contain a dependency.CrossNamespaceDependencyReference slice with references to Kustomization resources that must be ready before this Kustomization can be reconciled. + items: + description: CrossNamespaceDependencyReference holds the reference to a dependency. + properties: + name: + description: Name holds the name reference of a dependency. + type: string + namespace: + description: Namespace holds the namespace reference of a dependency. + type: string + required: + - name + type: object + type: array + force: + default: false + description: Force instructs the controller to recreate resources when patching fails due to an immutable field change. + type: boolean + healthChecks: + description: A list of resources to be included in the health assessment. 
+ items: + description: NamespacedObjectKindReference contains enough information to let you locate the typed referenced object in any namespace + properties: + apiVersion: + description: API version of the referent, if not specified the Kubernetes preferred version will be used + type: string + kind: + description: Kind of the referent + type: string + name: + description: Name of the referent + type: string + namespace: + description: Namespace of the referent, when not specified it acts as LocalObjectReference + type: string + required: + - kind + - name + type: object + type: array + images: + description: Images is a list of (image name, new name, new tag or digest) for changing image names, tags or digests. This can also be achieved with a patch, but this operator is simpler to specify. + items: + description: Image contains an image name, a new name, a new tag or digest, which will replace the original name and tag. + properties: + digest: + description: Digest is the value used to replace the original image tag. If digest is present NewTag value is ignored. + type: string + name: + description: Name is a tag-less image name. + type: string + newName: + description: NewName is the value used to replace the original name. + type: string + newTag: + description: NewTag is the value used to replace the original tag. + type: string + required: + - name + type: object + type: array + interval: + description: The interval at which to reconcile the Kustomization. + type: string + kubeConfig: + description: The KubeConfig for reconciling the Kustomization on a remote cluster. When specified, KubeConfig takes precedence over ServiceAccountName. + properties: + secretRef: + description: SecretRef holds the name to a secret that contains a 'value' key with the kubeconfig file as the value. It must be in the same namespace as the Kustomization. 
It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific `cmd-path` auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling the Kustomization. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + type: object + patchesJson6902: + description: JSON 6902 patches, defined as inline YAML objects. + items: + description: JSON6902Patch contains a JSON6902 patch and the target the patch should be applied to. + properties: + patch: + description: Patch contains the JSON6902 patch document with an array of operation objects. + items: + description: JSON6902 is a JSON6902 operation object. https://tools.ietf.org/html/rfc6902#section-4 + properties: + from: + type: string + op: + enum: + - test + - remove + - add + - replace + - move + - copy + type: string + path: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + target: + description: Target points to the resources that the patch document should be applied to. + properties: + annotationSelector: + description: AnnotationSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations. + type: string + group: + description: Group is the API group to select resources from. Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources from. Together with Group and Version it is capable of unambiguously identifying and/or selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: Version of the API Group to select resources from. Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + - target + type: object + type: array + patchesStrategicMerge: + description: Strategic merge patches, defined as inline YAML objects. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + path: + description: Path to the directory containing the kustomization.yaml file, or the set of plain YAMLs a kustomization.yaml should be generated for. Defaults to 'None', which translates to the root path of the SourceRef. + type: string + postBuild: + description: PostBuild describes which actions to perform on the YAML manifest generated by building the kustomize overlay. + properties: + substitute: + additionalProperties: + type: string + description: Substitute holds a map of key/value pairs. The variables defined in your YAML manifests that match any of the keys defined in the map will be substituted with the set value. Includes support for bash string replacement functions e.g. ${var:=default}, ${var:position} and ${var/substring/replacement}. 
+ type: object + substituteFrom: + description: SubstituteFrom holds references to ConfigMaps and Secrets containing the variables and their values to be substituted in the YAML manifests. The ConfigMap and the Secret data keys represent the var names and they must match the vars declared in the manifests for the substitution to happen. + items: + description: SubstituteReference contains a reference to a resource containing the variables name and value. + properties: + kind: + description: Kind of the values referent, valid values are ('Secret', 'ConfigMap'). + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the values referent. Should reside in the same namespace as the referring resource. + maxLength: 253 + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + type: object + prune: + description: Prune enables garbage collection. + type: boolean + retryInterval: + description: The interval at which to retry a previously failed reconciliation. When not specified, the controller uses the KustomizationSpec.Interval value to retry failures. + type: string + serviceAccountName: + description: The name of the Kubernetes service account to impersonate when reconciling this Kustomization. + type: string + sourceRef: + description: Reference of the source where the kustomization file is. + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - GitRepository + - Bucket + type: string + name: + description: Name of the referent + type: string + namespace: + description: Namespace of the referent, defaults to the Kustomization namespace + type: string + required: + - kind + - name + type: object + suspend: + description: This flag tells the controller to suspend subsequent kustomize executions, it does not apply to already started executions. Defaults to false. 
+ type: boolean + targetNamespace: + description: TargetNamespace sets or overrides the namespace in the kustomization.yaml file. + maxLength: 63 + minLength: 1 + type: string + timeout: + description: Timeout for validation, apply and health checking operations. Defaults to 'Interval' duration. + type: string + validation: + description: Validate the Kubernetes objects before applying them on the cluster. The validation strategy can be 'client' (local dry-run), 'server' (APIServer dry-run) or 'none'. When 'Force' is 'true', validation will fallback to 'client' if set to 'server' because server-side validation is not supported in this scenario. + enum: + - none + - client + - server + type: string + required: + - interval + - prune + - sourceRef + type: object + status: + description: KustomizationStatus defines the observed state of a kustomization. + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastAppliedRevision: + description: The last successfully applied revision. The revision format for Git sources is /. + type: string + lastAttemptedRevision: + description: LastAttemptedRevision is the revision of the last reconciliation attempt. 
+ type: string + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last reconciled generation. + format: int64 + type: integer + snapshot: + description: The last successfully applied revision metadata. + properties: + checksum: + description: The manifests sha1 checksum. + type: string + entries: + description: A list of Kubernetes kinds grouped by namespace. + items: + description: Snapshot holds the metadata of namespaced Kubernetes objects + properties: + kinds: + additionalProperties: + type: string + description: The list of Kubernetes kinds. + type: object + namespace: + description: The namespace of this entry. + type: string + required: + - kinds + type: object + type: array + required: + - checksum + - entries + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: providers.notification.toolkit.fluxcd.io +spec: + group: notification.toolkit.fluxcd.io + names: + kind: Provider + listKind: ProviderList + plural: providers + singular: provider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Provider is the Schema for the providers 
API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProviderSpec defines the desired state of Provider + properties: + address: + description: HTTP/S webhook address of this provider + pattern: ^(http|https):// + type: string + certSecretRef: + description: CertSecretRef can be given the name of a secret containing a PEM-encoded CA certificate (`caFile`) + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + channel: + description: Alert channel for this provider + type: string + proxy: + description: HTTP/S address of the proxy + pattern: ^(http|https):// + type: string + secretRef: + description: Secret reference containing the provider webhook URL using "address" as data key + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + type: + description: Type of provider + enum: + - slack + - discord + - msteams + - rocket + - generic + - github + - gitlab + - bitbucket + - azuredevops + - googlechat + - webex + - sentry + type: string + username: + description: Bot username for this provider + type: string + required: + - type + type: object + status: + description: ProviderStatus defines the observed state of Provider + properties: + conditions: + items: + description: "Condition 
contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: receivers.notification.toolkit.fluxcd.io +spec: + group: notification.toolkit.fluxcd.io + names: + kind: Receiver + listKind: ReceiverList + plural: receivers + singular: receiver + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Receiver is the Schema for the receivers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ReceiverSpec defines the desired state of Receiver + properties: + events: + description: A list of events to handle, e.g. 'push' for GitHub or 'Push Hook' for GitLab. + items: + type: string + type: array + resources: + description: A list of resources to be notified about changes. + items: + description: CrossNamespaceObjectReference contains enough information to let you locate the typed referenced object at cluster level + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - Bucket + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + - ImageRepository + - ImagePolicy + - ImageUpdateAutomation + type: string + name: + description: Name of the referent + maxLength: 53 + minLength: 1 + type: string + namespace: + description: Namespace of the referent + maxLength: 53 + minLength: 1 + type: string + required: + - name + type: object + type: array + secretRef: + description: Secret reference containing the token used to validate the payload authenticity + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend subsequent events handling. Defaults to false. + type: boolean + type: + description: Type of webhook sender, used to determine the validation procedure and payload deserialization. 
+ enum: + - generic + - generic-hmac + - github + - gitlab + - bitbucket + - harbor + - dockerhub + - quay + - gcr + - nexus + - acr + type: string + required: + - resources + - type + type: object + status: + description: ReceiverStatus defines the observed state of Receiver + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. 
Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: helm-controller + namespace: flux-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: kustomize-controller + namespace: flux-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: notification-controller + namespace: flux-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: source-controller + namespace: flux-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: crd-controller-flux-system +rules: +- apiGroups: + - source.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - kustomize.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - helm.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - notification.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - image.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - configmaps + - configmaps/status + 
verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: cluster-reconciler-flux-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: kustomize-controller + namespace: flux-system +- kind: ServiceAccount + name: helm-controller + namespace: flux-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: crd-controller-flux-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: crd-controller-flux-system +subjects: +- kind: ServiceAccount + name: kustomize-controller + namespace: flux-system +- kind: ServiceAccount + name: helm-controller + namespace: flux-system +- kind: ServiceAccount + name: source-controller + namespace: flux-system +- kind: ServiceAccount + name: notification-controller + namespace: flux-system +- kind: ServiceAccount + name: image-reflector-controller + namespace: flux-system +- kind: ServiceAccount + name: image-automation-controller + namespace: flux-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + control-plane: controller + name: notification-controller + namespace: flux-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + selector: + app: notification-controller + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + 
app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + control-plane: controller + name: source-controller + namespace: flux-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + selector: + app: source-controller + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + control-plane: controller + name: webhook-receiver + namespace: flux-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http-webhook + selector: + app: notification-controller + type: ClusterIP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + control-plane: controller + name: helm-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: helm-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: helm-controller + spec: + containers: + - args: + - --events-addr=http://notification-controller/ + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/fluxcd/helm-controller:v0.10.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8080 + name: http-prom + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: 
temp + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: helm-controller + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: temp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + control-plane: controller + name: kustomize-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: kustomize-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: kustomize-controller + spec: + containers: + - args: + - --events-addr=http://notification-controller/ + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/fluxcd/kustomize-controller:v0.12.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8080 + name: http-prom + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: temp + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 1337 + serviceAccountName: kustomize-controller + terminationGracePeriodSeconds: 60 + volumes: + - emptyDir: {} + name: temp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + control-plane: controller + name: notification-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: 
notification-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: notification-controller + spec: + containers: + - args: + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/fluxcd/notification-controller:v0.13.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 9090 + name: http + - containerPort: 9292 + name: http-webhook + - containerPort: 8080 + name: http-prom + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: temp + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: notification-controller + terminationGracePeriodSeconds: 10 + volumes: + - emptyDir: {} + name: temp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + control-plane: controller + name: source-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: source-controller + strategy: + type: Recreate + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: source-controller + spec: + containers: + - args: + - --events-addr=http://notification-controller/ + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + - --storage-path=/data + - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local. 
+ env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/fluxcd/source-controller:v0.12.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9090 + name: http + - containerPort: 8080 + name: http-prom + - containerPort: 9440 + name: healthz + readinessProbe: + httpGet: + path: / + port: http + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 50m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /data + name: data + - mountPath: /tmp + name: tmp + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 1337 + serviceAccountName: source-controller + terminationGracePeriodSeconds: 10 + volumes: + - emptyDir: {} + name: data + - emptyDir: {} + name: tmp +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: allow-egress + namespace: flux-system +spec: + egress: + - {} + ingress: + - from: + - podSelector: {} + podSelector: {} + policyTypes: + - Ingress + - Egress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: allow-scraping + namespace: flux-system +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP + podSelector: {} + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: allow-webhooks + namespace: flux-system +spec: + ingress: + - from: + - namespaceSelector: {} + podSelector: + matchLabels: + app: 
notification-controller + policyTypes: + - Ingress
From 8ed7e614c739af3c3eb5e8e8188837d1b62e3873 Mon Sep 17 00:00:00 2001
From: Flux <>
Date: Tue, 18 May 2021 12:43:21 +0100
Subject: [PATCH 12/46] Add Flux sync manifests
---
kustomize/flux-system/gotk-sync.yaml | 27 ++++++++++++++++++++++++
kustomize/flux-system/kustomization.yaml | 5 +++++
2 files changed, 32 insertions(+)
create mode 100644 kustomize/flux-system/gotk-sync.yaml
create mode 100644 kustomize/flux-system/kustomization.yaml
diff --git a/kustomize/flux-system/gotk-sync.yaml b/kustomize/flux-system/gotk-sync.yaml
new file mode 100644
index 0000000..3a01dc1
--- /dev/null
+++ b/kustomize/flux-system/gotk-sync.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+ name: flux-system
+ namespace: flux-system
+spec:
+ interval: 1m0s
+ ref:
+ branch: develop-andrewmccully
+ secretRef:
+ name: flux-system
+ url: ssh://git@github.com/mccullya/kafka-gitops
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+ name: flux-system
+ namespace: flux-system
+spec:
+ interval: 10m0s
+ path: ./kustomize
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ validation: client
diff --git a/kustomize/flux-system/kustomization.yaml b/kustomize/flux-system/kustomization.yaml
new file mode 100644
index 0000000..3842229
--- /dev/null
+++ b/kustomize/flux-system/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- gotk-components.yaml
+- gotk-sync.yaml
From 6b457307a1d9d7ffdf4df3dae53c5cf767dc53d6 Mon Sep 17 00:00:00 2001
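Review bot: Nothing in gotk-sync.yaml limits what this sync can deliver: the `GitRepository` follows `branch: develop-andrewmccully` with no commit verification, and the `Kustomization` applies `./kustomize` from it with `prune: true`. The component manifests added in PATCH 01 bind the kustomize-controller service account to `cluster-admin`, so push access to that branch amounts to full control of the cluster, including deletion of anything the sync once created. For a cluster that is more than a personal sandbox I would track a protected branch and add `verify:` with `mode: head` and a `secretRef` for the trusted signing keys under the GitRepository `spec`. The file appears to be written by `flux bootstrap`, so the branch is better changed through the bootstrap arguments than by editing it here.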
From: Andrew McCully
Date: Tue, 18 May 2021 14:07:16 +0100
Subject: [PATCH 13/46] added git ignore adjusted secrets
---
.gitignore | 2 +
GETTINGSTARTED.md | 68 -------------------
.../confluent-operator/kustomization.yaml | 5 --
.../tools}/confluent-operator.yaml | 0
resources/c3-mds-client.yaml | 7 --
resources/connect-mds-client.yaml | 7 --
resources/ksqldb-client.yaml | 7 --
resources/mds-client.yaml | 7 --
resources/mds-token.yaml | 8 --
resources/rest-credential.yaml | 9 ---
resources/sr-mds-client.yaml | 7 --
11 files changed, 2 insertions(+), 125 deletions(-)
create mode 100644 .gitignore
delete mode 100644 GETTINGSTARTED.md
delete mode 100644 kustomize/base/confluent-operator/kustomization.yaml
rename kustomize/{base/confluent-operator => shared/tools}/confluent-operator.yaml (100%)
delete mode 100644 resources/c3-mds-client.yaml
delete mode 100644 resources/connect-mds-client.yaml
delete mode 100644 resources/ksqldb-client.yaml
delete mode 100644 resources/mds-client.yaml
delete mode 100644 resources/mds-token.yaml
delete mode 100644 resources/rest-credential.yaml
delete mode 100644 resources/sr-mds-client.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7f257cd
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.idea
+sensitive-*
\ No newline at end of file
diff --git a/GETTINGSTARTED.md b/GETTINGSTARTED.md
deleted file mode 100644
index 8a57fb7..0000000
--- a/GETTINGSTARTED.md
+++ /dev/null
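Review bot: The new `sensitive-*` pattern only keeps future generated files out of the index; it does nothing for the credentials this same commit removes. The deleted `resources/*.yaml` Secret manifests (base64 `bearer.txt`, `basic.txt` and `plain.txt` values, plus `mdsTokenKeyPair.pem`) and the login shown in the deleted GETTINGSTARTED.md stay readable in the earlier commits, and base64 is an encoding, not protection. Any of them still in use should be rotated, since deleting the files does not withdraw the exposure. In the file itself I would end the last line with a newline and put `# locally generated files holding credentials; never commit` above the pattern so the intent survives later edits.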
@@ -1,68 +0,0 @@
-### Getting Started
-
-#### Install secrets
-To install the secrets required by RBAC/Confluent, run the script: `$./populate_secrets.sh`. This will create secrets based on the sources found in `./resources/certs` & `./resources/users`
-
-
-
-In order to access the Confluent early-access operator you must register at https://events.confluent.io/confluentoperatorearlyaccess. Once these credentials have been obtained, export them as the following environment variables:
-
-```
-export USER=
-export APIKEY=
-export EMAIL=
-export GITHUB_USER=
-```
-
-
-#### Bootstrap Flux v2
-```
-flux bootstrap github \
---context=minikube \
---owner=${GITHUB_USER} \
---repository=kakfa-gitops \
---path=clusters/dev \
---branch=andrew \
---personal
-```
-
-### Deploy secrets for Confluent Operator Early-Access Docker Regsitry
-
-```
-kubectl create secret -n confluent docker-registry confluent-registry \
---docker-server=confluent-docker-internal-early-access-operator-2.jfrog.io \
---docker-username=$USER \
---docker-password=$APIKEY \
---docker-email=$EMAIL && \
-kubectl create secret -n flux-system generic https-credentials \
---from-literal=username=$USER \
---from-literal=password=$APIKEY
-```
-
-
-To deploy the operator, ensure 'kubectl' is pointing to the correct context, and run `$ source ./install_operator.sh`.
-
-To verify the operator has installed successfully, run kubectl `get pods -n confluent` where you should see:
-
-```
-NAMESPACE NAME READY STATUS RESTARTS AGE
-confluent confluent-operator-5b99cdd9d9-pcx2p 1/1 Running 0 3m44s
-```
-
-
-#### Useful commands
-
-* Force Flux Reconciliation
-`flux reconcile source git flux-system`
-
-* Decode secrets
-`kubectl get secrets -n flux-system https-credentials -o json | jq '.data | map_values(@base64d)'`
-
-* Access Control Centre
-`kubectl port-forward -n confluent controlcenter-0 9021:9021`
-
-Log in with: c3/c3-secret
-
-* Test LDAP
-`kubectl exec -it -n tools ldap -- bash`
-ldapsearch -LLL -x -H ldap://ldap.tools.svc.cluster.local:389 -b 'dc=test,dc=com' -D "cn=mds,dc=test,dc=com" -w 'Developer!'
\ No newline at end of file
diff --git a/kustomize/base/confluent-operator/kustomization.yaml b/kustomize/base/confluent-operator/kustomization.yaml
deleted file mode 100644
index bcd301f..0000000
--- a/kustomize/base/confluent-operator/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: confluent
-resources:
- - confluent-operator.yaml
\ No newline at end of file
diff --git a/kustomize/base/confluent-operator/confluent-operator.yaml b/kustomize/shared/tools/confluent-operator.yaml
similarity index 100%
rename from kustomize/base/confluent-operator/confluent-operator.yaml
rename to kustomize/shared/tools/confluent-operator.yaml
diff --git a/resources/c3-mds-client.yaml b/resources/c3-mds-client.yaml
deleted file mode 100644
index 3d6d429..0000000
--- a/resources/c3-mds-client.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-data:
- bearer.txt: dXNlcm5hbWU9YzMKcGFzc3dvcmQ9YzMtc2VjcmV0Cg==
-kind: Secret
-metadata:
- creationTimestamp: null
- name: c3-mds-client
diff --git a/resources/connect-mds-client.yaml b/resources/connect-mds-client.yaml
deleted file mode 100644
index 3adbc0b..0000000
--- a/resources/connect-mds-client.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-data:
- bearer.txt: dXNlcm5hbWU9Y29ubmVjdApwYXNzd29yZD1jb25uZWN0LXNlY3JldAo=
-kind: Secret
-metadata:
- creationTimestamp: null
- name: connect-mds-client
diff --git a/resources/ksqldb-client.yaml b/resources/ksqldb-client.yaml
deleted file mode 100644
index 6a053fc..0000000
--- a/resources/ksqldb-client.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-data:
- bearer.txt: dXNlcm5hbWU9a3NxbApwYXNzd29yZD1rc3FsLXNlY3JldAo=
-kind: Secret
-metadata:
- creationTimestamp: null
- name: ksqldb-mds-client
diff --git a/resources/mds-client.yaml b/resources/mds-client.yaml
deleted file mode 100644
index 24de26d..0000000
--- a/resources/mds-client.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-data:
- bearer.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg==
-kind: Secret
-metadata:
- creationTimestamp: null
- name: mds-client
diff --git a/resources/mds-token.yaml b/resources/mds-token.yaml
deleted file mode 100644
index ae87e43..0000000
--- a/resources/mds-token.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-data:
- mdsPublicKey.pem: 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
- mdsTokenKeyPair.pem: 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
-kind: Secret
-metadata:
- creationTimestamp: null
- name: mds-token
diff --git a/resources/rest-credential.yaml b/resources/rest-credential.yaml
deleted file mode 100644
index f7901ac..0000000
--- a/resources/rest-credential.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: v1
-data:
- basic.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg==
- bearer.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg==
- plain.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg==
-kind: Secret
-metadata:
- creationTimestamp: null
- name: rest-credential
diff --git a/resources/sr-mds-client.yaml b/resources/sr-mds-client.yaml
deleted file mode 100644
index fb57182..0000000
--- a/resources/sr-mds-client.yaml
+++ /dev/null
@@ -1,7 +0,0 @@ -apiVersion: v1 -data: - bearer.txt: dXNlcm5hbWU9c3IKcGFzc3dvcmQ9c3Itc2VjcmV0Cg== -kind: Secret -metadata: - creationTimestamp: null - name: sr-mds-client From 1daa661b633350f2eab541594ec8448a30d4f0f7 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Tue, 18 May 2021 14:16:50 +0100 Subject: [PATCH 14/46] wip of multi-environments --- README.md | 12 +++++++++++- kustomize/base/kustomization.yaml | 1 - kustomize/shared/tools/kustomization.yaml | 3 ++- resources/sensitive_secrets.sh | 9 +++++++++ 4 files changed, 22 insertions(+), 3 deletions(-) create mode 100755 resources/sensitive_secrets.sh diff --git a/README.md b/README.md index 6aa1a8f..da77e23 100644 --- a/README.md +++ b/README.md @@ -123,6 +123,16 @@ flux bootstrap github \ --personal \ --path=clusters/production ``` + +```sh +flux bootstrap github \ + --owner=${GITHUB_USER} \ + --repository=${GITHUB_REPO} \ + --branch=main \ + --personal \ + --path=clusters/production +``` + 4. Deploy the secrets required by the application. The secrets referenced in `./resources/populate_secrets.sh` will match up to the LDAP/LDIFs located at `./infrastructure/tools/ldap.yaml` ```sh ./resources/populate_secrets.sh @@ -134,7 +144,7 @@ export USER= export APIKEY= export EMAIL= -kubectl create secret docker-registry confluent-registry -n confluent \ +kubectl create secret docker-registry confluent-registry -n dev \ --docker-server=confluent-docker-internal-early-access-operator-2.jfrog.io \ --docker-username=$USER \ --docker-password=$APIKEY \ diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml index 1244cba..f984546 100644 --- a/kustomize/base/kustomization.yaml +++ b/kustomize/base/kustomization.yaml @@ -2,6 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - secrets - - confluent-operator - confluent - rolebindings diff --git a/kustomize/shared/tools/kustomization.yaml b/kustomize/shared/tools/kustomization.yaml index bc93143..fe9fad1 100644 
--- a/kustomize/shared/tools/kustomization.yaml +++ b/kustomize/shared/tools/kustomization.yaml @@ -4,4 +4,5 @@ namespace: tools resources: - namespace.yaml - proxy.yaml - - ldap.yaml \ No newline at end of file + - ldap.yaml + - confluent-operator.yaml \ No newline at end of file diff --git a/resources/sensitive_secrets.sh b/resources/sensitive_secrets.sh new file mode 100755 index 0000000..66b0b9c --- /dev/null +++ b/resources/sensitive_secrets.sh @@ -0,0 +1,9 @@ +kubectl create secret docker-registry confluent-registry \ + --docker-server=confluent-docker-internal-early-access-operator-2.jfrog.io \ + --docker-username=$USER \ + --docker-password=$APIKEY \ + --docker-email=$EMAIL --dry-run=client --output=yaml > ./sensitive-docker-registry.yaml && \ +kubectl create secret -n flux-system generic https-credentials \ +--from-literal=username=$USER \ +--from-literal=password=$APIKEY \ +--dry-run=client --output=yaml > ./sensitive-https-credential.yaml \ No newline at end of file From fb019f7a2d59fded84002b731fe418b8265674c2 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Tue, 18 May 2021 14:25:14 +0100 Subject: [PATCH 15/46] wip with docker secrets --- README.md | 4 ++-- .../base/confluent/confluent-operator.yaml | 16 ++++++++++++++++ kustomize/base/confluent/kustomization.yaml | 1 + .../shared/tools/confluent-operator.yaml | 19 +------------------ resources/sensitive_secrets.sh | 14 ++++++++++++-- 5 files changed, 32 insertions(+), 22 deletions(-) create mode 100644 kustomize/base/confluent/confluent-operator.yaml diff --git a/README.md b/README.md index da77e23..d2263c4 100644 --- a/README.md +++ b/README.md 
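Review bot: The new resources/sensitive_secrets.sh writes the registry API key into `./sensitive-docker-registry.yaml` and `./sensitive-https-credential.yaml`, where Secret data is only base64-encoded, and this commit's file list adds no ignore rule for them. A `sensitive-*.yaml` entry in `.gitignore` would keep them out of a later `git add`. The expansions are also unquoted and unchecked: an unset `$APIKEY` or `$EMAIL` yields a secret with an empty field, and `$USER` is normally preset to the login name, so a skipped `export` goes unnoticed. Quoting with a guard fails early, e.g. `--docker-password="${APIKEY:?}"` and `--docker-email="${EMAIL:?}"`, and a dedicated variable name for the registry user avoids the collision with `$USER`.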
@@ -128,9 +128,9 @@ flux bootstrap github \ flux bootstrap github \ --owner=${GITHUB_USER} \ --repository=${GITHUB_REPO} \ - --branch=main \ + --branch=develop-andrewmccully \ --personal \ - --path=clusters/production + --path=kustomize ``` 4. Deploy the secrets required by the application. The secrets referenced in `./resources/populate_secrets.sh` will match up to the LDAP/LDIFs located at `./infrastructure/tools/ldap.yaml` diff --git a/kustomize/base/confluent/confluent-operator.yaml b/kustomize/base/confluent/confluent-operator.yaml new file mode 100644 index 0000000..204299b --- /dev/null +++ b/kustomize/base/confluent/confluent-operator.yaml @@ -0,0 +1,16 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: confluent +spec: + interval: 1m + chart: + spec: + chart: confluent-for-kubernetes + sourceRef: + kind: HelmRepository + name: confluent-private + namespace: flux-system + values: + image: + registry: confluent-docker-internal-early-access-operator-2.jfrog.io \ No newline at end of file diff --git a/kustomize/base/confluent/kustomization.yaml b/kustomize/base/confluent/kustomization.yaml index 58aea4c..5d88fdc 100644 --- a/kustomize/base/confluent/kustomization.yaml +++ b/kustomize/base/confluent/kustomization.yaml @@ -1,6 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - confluent-operator.yaml - certificates.yaml - zookeeper.yaml - kafka.yaml diff --git a/kustomize/shared/tools/confluent-operator.yaml b/kustomize/shared/tools/confluent-operator.yaml index e87a398..2ffeb32 100644 --- a/kustomize/shared/tools/confluent-operator.yaml +++ b/kustomize/shared/tools/confluent-operator.yaml 
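Review bot: `spec.chart.spec` in the new kustomize/base/confluent/confluent-operator.yaml sets no `version`, and Flux falls back to the latest chart in the repository when it is omitted. With `interval: 1m`, anything newly published to the early-access `confluent-private` repository would roll out without a reviewed commit in this repo. Pinning it under `chart.spec`, e.g. `version: "<CHART_VERSION>"` (placeholder), makes upgrades explicit. The same unpinned manifest is copied into confluent-operator-production.yaml and confluent-operator-staging.yaml in PATCH 21/46.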
@@ -1,25 +1,8 @@ ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: confluent -spec: - interval: 1m - chart: - spec: - chart: confluent-for-kubernetes - sourceRef: - kind: HelmRepository - name: confluent-private - namespace: flux-system - values: - image: - registry: confluent-docker-internal-early-access-operator-2.jfrog.io ---- apiVersion: source.toolkit.fluxcd.io/v1beta1 kind: HelmRepository metadata: name: confluent-private + namespace: flux-system spec: url: https://confluent.jfrog.io/confluent/helm-early-access-operator-2 secretRef: diff --git a/resources/sensitive_secrets.sh b/resources/sensitive_secrets.sh index 66b0b9c..edf7814 100755 --- a/resources/sensitive_secrets.sh +++ b/resources/sensitive_secrets.sh @@ -1,8 +1,18 @@ -kubectl create secret docker-registry confluent-registry \ +kubectl create secret docker-registry confluent-registry -n dev \ --docker-server=confluent-docker-internal-early-access-operator-2.jfrog.io \ --docker-username=$USER \ --docker-password=$APIKEY \ - --docker-email=$EMAIL --dry-run=client --output=yaml > ./sensitive-docker-registry.yaml && \ + --docker-email=$EMAIL --dry-run=client --output=yaml > ./sensitive-docker-registry-dev.yaml && \ +kubectl create secret docker-registry confluent-registry -n staging \ + --docker-server=confluent-docker-internal-early-access-operator-2.jfrog.io \ + --docker-username=$USER \ + --docker-password=$APIKEY \ + --docker-email=$EMAIL --dry-run=client --output=yaml > ./sensitive-docker-registry-staging.yaml && \ +kubectl create secret docker-registry confluent-registry -n staging \ + --docker-server=confluent-docker-internal-early-access-operator-2.jfrog.io \ + --docker-username=$USER \ + --docker-password=$APIKEY \ + --docker-email=$EMAIL --dry-run=client --output=yaml > ./sensitive-docker-registry-production.yaml && \ kubectl create secret -n flux-system generic https-credentials \ --from-literal=username=$USER \ --from-literal=password=$APIKEY \ 
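Review bot: The added `namespace: flux-system` on the HelmRepository is likely to be overwritten, because kustomize/shared/tools/kustomization.yaml, which lists this file, declares `namespace: tools` (visible in its hunk header in PATCH 14/46) and kustomize applies that field to every namespaced resource it emits. If so, the repository object and its `secretRef` lookup end up in `tools`, while the `https-credentials` secret is generated for `flux-system` and the HelmRelease's `sourceRef.namespace` still points at `flux-system`. Moving this manifest under a kustomization with no `namespace:` override would keep the three in one namespace. The HelmRepository spec continues past the end of the hunk.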
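Review bot: The three `kubectl create secret docker-registry` blocks added to resources/sensitive_secrets.sh differ only in the namespace and the output file name, and the third one pairs `-n staging` with the production file (corrected in PATCH 16/46). Generating them from one loop keeps the namespace and the file name tied to a single variable, so the two cannot drift apart. The loop below also quotes the credential expansions and stops on the first failed command, where the `&& \` chain only skips the rest of the chain.

```shell
for ns in dev staging production; do
  kubectl create secret docker-registry confluent-registry -n "$ns" \
    --docker-server=confluent-docker-internal-early-access-operator-2.jfrog.io \
    --docker-username="$USER" \
    --docker-password="$APIKEY" \
    --docker-email="$EMAIL" --dry-run=client --output=yaml \
    > "./sensitive-docker-registry-$ns.yaml" || exit 1
done
# … unchanged: https-credentials secret for flux-system …
```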
From d3ba3b8f06abf0e998e04912b43c5339d334e233 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Tue, 18 May 2021 14:28:32 +0100 Subject: [PATCH 16/46] correcting order of kustomize --- kustomize/kustomization.yaml | 2 +- resources/sensitive_secrets.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/kustomize/kustomization.yaml b/kustomize/kustomization.yaml index 6d22db6..0e78dab 100644 --- a/kustomize/kustomization.yaml +++ b/kustomize/kustomization.yaml @@ -1,4 +1,4 @@ resources: - - environments - shared + - environments namePrefix: cluster-a- diff --git a/resources/sensitive_secrets.sh b/resources/sensitive_secrets.sh index edf7814..b804338 100755 --- a/resources/sensitive_secrets.sh +++ b/resources/sensitive_secrets.sh @@ -8,7 +8,7 @@ kubectl create secret docker-registry confluent-registry -n staging \ --docker-username=$USER \ --docker-password=$APIKEY \ --docker-email=$EMAIL --dry-run=client --output=yaml > ./sensitive-docker-registry-staging.yaml && \ -kubectl create secret docker-registry confluent-registry -n staging \ +kubectl create secret docker-registry confluent-registry -n production \ --docker-server=confluent-docker-internal-early-access-operator-2.jfrog.io \ --docker-username=$USER \ --docker-password=$APIKEY \ From 91effdbfe17954a2183742ffac15549cf5e90a07 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Tue, 18 May 2021 14:38:04 +0100 Subject: [PATCH 17/46] wip --- kustomize/environments/dev/kustomization.yaml | 1 + kustomize/environments/production/kustomization.yaml | 1 + kustomize/environments/staging/kustomization.yaml | 1 + kustomize/{base/confluent => operator}/confluent-operator.yaml | 0 resources/sensitive_secrets.sh | 3 +++ 5 files changed, 6 insertions(+) rename kustomize/{base/confluent => operator}/confluent-operator.yaml (100%) diff --git a/kustomize/environments/dev/kustomization.yaml b/kustomize/environments/dev/kustomization.yaml index 445fe96..1056cb7 100644 
--- a/kustomize/environments/dev/kustomization.yaml +++ b/kustomize/environments/dev/kustomization.yaml @@ -1,5 +1,6 @@ resources: - namespace.yaml +- ../../operator - ../../base namePrefix: dev- namespace: dev diff --git a/kustomize/environments/production/kustomization.yaml b/kustomize/environments/production/kustomization.yaml index 177fa1d..38dd285 100644 --- a/kustomize/environments/production/kustomization.yaml +++ b/kustomize/environments/production/kustomization.yaml @@ -1,5 +1,6 @@ resources: - namespace.yaml +- ../../operator - ../../base namePrefix: prod- namespace: production diff --git a/kustomize/environments/staging/kustomization.yaml b/kustomize/environments/staging/kustomization.yaml index 58fd280..fd4ea4a 100644 --- a/kustomize/environments/staging/kustomization.yaml +++ b/kustomize/environments/staging/kustomization.yaml @@ -1,5 +1,6 @@ resources: - namespace.yaml +- ../../operator - ../../base namePrefix: staging- namespace: staging diff --git a/kustomize/base/confluent/confluent-operator.yaml b/kustomize/operator/confluent-operator.yaml similarity index 100% rename from kustomize/base/confluent/confluent-operator.yaml rename to kustomize/operator/confluent-operator.yaml diff --git a/resources/sensitive_secrets.sh b/resources/sensitive_secrets.sh index b804338..d89a230 100755 --- a/resources/sensitive_secrets.sh +++ b/resources/sensitive_secrets.sh @@ -1,3 +1,6 @@ +kubectl create namespace dev --dry-run=client --output=yaml > ./ns-dev.yaml +kubectl create namespace staging --dry-run=client --output=yaml > ./ns-staging.yaml +kubectl create namespace production --dry-run=client --output=yaml > ./ns-production.yaml kubectl create secret docker-registry confluent-registry -n dev \ --docker-server=confluent-docker-internal-early-access-operator-2.jfrog.io \ --docker-username=$USER \ From 8da894e21bba3b38407c482fb386ad67f9358033 Mon Sep 17 00:00:00 2001 
From: Andrew McCully Date: Tue, 18 May 2021 14:43:14 +0100 Subject: [PATCH 18/46] wip --- kustomize/operator/kustomization.yaml | 4 ++++ resources/ns-dev.yaml | 7 +++++++ resources/ns-flux-system.yaml | 7 +++++++ resources/ns-production.yaml | 7 +++++++ resources/ns-staging.yaml | 7 +++++++ resources/sensitive_secrets.sh | 1 + 6 files changed, 33 insertions(+) create mode 100644 kustomize/operator/kustomization.yaml create mode 100644 resources/ns-dev.yaml create mode 100644 resources/ns-flux-system.yaml create mode 100644 resources/ns-production.yaml create mode 100644 resources/ns-staging.yaml diff --git a/kustomize/operator/kustomization.yaml b/kustomize/operator/kustomization.yaml new file mode 100644 index 0000000..fb399a4 --- /dev/null +++ b/kustomize/operator/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - confluent-operator.yaml \ No newline at end of file diff --git a/resources/ns-dev.yaml b/resources/ns-dev.yaml new file mode 100644 index 0000000..16f39ef --- /dev/null +++ b/resources/ns-dev.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Namespace +metadata: + creationTimestamp: null + name: dev +spec: {} +status: {} diff --git a/resources/ns-flux-system.yaml b/resources/ns-flux-system.yaml new file mode 100644 index 0000000..9c1343b --- /dev/null +++ b/resources/ns-flux-system.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Namespace +metadata: + creationTimestamp: null + name: flux-system +spec: {} +status: {} diff --git a/resources/ns-production.yaml b/resources/ns-production.yaml new file mode 100644 index 0000000..22979d3 --- /dev/null +++ b/resources/ns-production.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Namespace +metadata: + creationTimestamp: null + name: production +spec: {} +status: {} diff --git a/resources/ns-staging.yaml b/resources/ns-staging.yaml new file mode 100644 index 0000000..1bb3436 --- /dev/null +++ b/resources/ns-staging.yaml 
@@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Namespace +metadata: + creationTimestamp: null + name: staging +spec: {} +status: {} diff --git a/resources/sensitive_secrets.sh b/resources/sensitive_secrets.sh index d89a230..72149ec 100755 --- a/resources/sensitive_secrets.sh +++ b/resources/sensitive_secrets.sh @@ -1,6 +1,7 @@ kubectl create namespace dev --dry-run=client --output=yaml > ./ns-dev.yaml kubectl create namespace staging --dry-run=client --output=yaml > ./ns-staging.yaml kubectl create namespace production --dry-run=client --output=yaml > ./ns-production.yaml +kubectl create namespace flux-system --dry-run=client --output=yaml > ./ns-flux-system.yaml kubectl create secret docker-registry confluent-registry -n dev \ --docker-server=confluent-docker-internal-early-access-operator-2.jfrog.io \ --docker-username=$USER \ From 991f1316cb5d5ba592f1911dc8138419dffb98d5 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Tue, 18 May 2021 14:48:09 +0100 Subject: [PATCH 19/46] debug --- resources/sensitive_secrets.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/resources/sensitive_secrets.sh b/resources/sensitive_secrets.sh index 72149ec..3d745ab 100755 --- a/resources/sensitive_secrets.sh +++ b/resources/sensitive_secrets.sh @@ -1,3 +1,4 @@ +#!/bin/bash kubectl create namespace dev --dry-run=client --output=yaml > ./ns-dev.yaml kubectl create namespace staging --dry-run=client --output=yaml > ./ns-staging.yaml kubectl create namespace production --dry-run=client --output=yaml > ./ns-production.yaml @@ -20,4 +21,5 @@ kubectl create secret docker-registry confluent-registry -n production \ kubectl create secret -n flux-system generic https-credentials \ --from-literal=username=$USER \ --from-literal=password=$APIKEY \ ---dry-run=client --output=yaml > ./sensitive-https-credential.yaml \ No newline at end of file +--dry-run=client --output=yaml > ./sensitive-https-credential.yaml +kubectl apply -f . \ No newline at end of file 
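Review bot: The `kubectl apply -f .` added at the end of resources/sensitive_secrets.sh in PATCH 19/46 applies every manifest in the caller's current directory, not only the files the script has just written. Because nothing stops the script on error, it also runs after a failed `kubectl create`, so stale or truncated `sensitive-*.yaml` files from an earlier run can be applied to whichever cluster the current context points at. Adding `set -euo pipefail` directly under the new `#!/bin/bash` and `cd "$(dirname "$0")"` before the first redirect would fix both the error handling and the directory. Naming the generated files explicitly in the apply, rather than `.`, would narrow it further.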
From a651d5f05f29803d9785441da598e0fa273327b8 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Tue, 18 May 2021 14:52:00 +0100 Subject: [PATCH 20/46] bad file reference --- kustomize/base/confluent/kustomization.yaml | 1 - ...fluent-operator.yaml => confluent-operator-credentials.yaml} | 0 kustomize/shared/tools/kustomization.yaml | 2 +- 3 files changed, 1 insertion(+), 2 deletions(-) rename kustomize/shared/tools/{confluent-operator.yaml => confluent-operator-credentials.yaml} (100%) diff --git a/kustomize/base/confluent/kustomization.yaml b/kustomize/base/confluent/kustomization.yaml index 5d88fdc..58aea4c 100644 --- a/kustomize/base/confluent/kustomization.yaml +++ b/kustomize/base/confluent/kustomization.yaml @@ -1,7 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - confluent-operator.yaml - certificates.yaml - zookeeper.yaml - kafka.yaml diff --git a/kustomize/shared/tools/confluent-operator.yaml b/kustomize/shared/tools/confluent-operator-credentials.yaml similarity index 100% rename from kustomize/shared/tools/confluent-operator.yaml rename to kustomize/shared/tools/confluent-operator-credentials.yaml diff --git a/kustomize/shared/tools/kustomization.yaml b/kustomize/shared/tools/kustomization.yaml index fe9fad1..6cff2a3 100644 --- a/kustomize/shared/tools/kustomization.yaml +++ b/kustomize/shared/tools/kustomization.yaml @@ -5,4 +5,4 @@ resources: - namespace.yaml - proxy.yaml - ldap.yaml - - confluent-operator.yaml \ No newline at end of file + - confluent-operator-credentials.yaml \ No newline at end of file From d498653b8cc57d1ce599bef9b19cfe905a815dcb Mon Sep 17 00:00:00 2001 
From: Andrew McCully Date: Tue, 18 May 2021 14:55:51 +0100 Subject: [PATCH 21/46] debug --- kustomize/environments/dev/kustomization.yaml | 1 - .../environments/production/kustomization.yaml | 1 - .../environments/staging/kustomization.yaml | 1 - kustomize/operator/kustomization.yaml | 4 ---- .../tools/confluent-operator-dev.yaml} | 1 + .../tools/confluent-operator-production.yaml | 17 +++++++++++++++++ .../tools/confluent-operator-staging.yaml | 17 +++++++++++++++++ kustomize/shared/tools/kustomization.yaml | 5 ++++- 8 files changed, 39 insertions(+), 8 deletions(-) delete mode 100644 kustomize/operator/kustomization.yaml rename kustomize/{operator/confluent-operator.yaml => shared/tools/confluent-operator-dev.yaml} (95%) create mode 100644 kustomize/shared/tools/confluent-operator-production.yaml create mode 100644 kustomize/shared/tools/confluent-operator-staging.yaml diff --git a/kustomize/environments/dev/kustomization.yaml b/kustomize/environments/dev/kustomization.yaml index 1056cb7..445fe96 100644 --- a/kustomize/environments/dev/kustomization.yaml +++ b/kustomize/environments/dev/kustomization.yaml @@ -1,6 +1,5 @@ resources: - namespace.yaml -- ../../operator - ../../base namePrefix: dev- namespace: dev diff --git a/kustomize/environments/production/kustomization.yaml b/kustomize/environments/production/kustomization.yaml index 38dd285..177fa1d 100644 --- a/kustomize/environments/production/kustomization.yaml +++ b/kustomize/environments/production/kustomization.yaml @@ -1,6 +1,5 @@ resources: - namespace.yaml -- ../../operator - ../../base namePrefix: prod- namespace: production diff --git a/kustomize/environments/staging/kustomization.yaml b/kustomize/environments/staging/kustomization.yaml index fd4ea4a..58fd280 100644 --- a/kustomize/environments/staging/kustomization.yaml +++ b/kustomize/environments/staging/kustomization.yaml @@ -1,6 +1,5 @@ resources: - namespace.yaml -- ../../operator - ../../base namePrefix: staging- namespace: staging 
diff --git a/kustomize/operator/kustomization.yaml b/kustomize/operator/kustomization.yaml deleted file mode 100644 index fb399a4..0000000 --- a/kustomize/operator/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - confluent-operator.yaml \ No newline at end of file diff --git a/kustomize/operator/confluent-operator.yaml b/kustomize/shared/tools/confluent-operator-dev.yaml similarity index 95% rename from kustomize/operator/confluent-operator.yaml rename to kustomize/shared/tools/confluent-operator-dev.yaml index 204299b..76b31ec 100644 --- a/kustomize/operator/confluent-operator.yaml +++ b/kustomize/shared/tools/confluent-operator-dev.yaml @@ -2,6 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: confluent + namespace: dev spec: interval: 1m chart: diff --git a/kustomize/shared/tools/confluent-operator-production.yaml b/kustomize/shared/tools/confluent-operator-production.yaml new file mode 100644 index 0000000..76b31ec --- /dev/null +++ b/kustomize/shared/tools/confluent-operator-production.yaml @@ -0,0 +1,17 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: confluent + namespace: dev +spec: + interval: 1m + chart: + spec: + chart: confluent-for-kubernetes + sourceRef: + kind: HelmRepository + name: confluent-private + namespace: flux-system + values: + image: + registry: confluent-docker-internal-early-access-operator-2.jfrog.io \ No newline at end of file diff --git a/kustomize/shared/tools/confluent-operator-staging.yaml b/kustomize/shared/tools/confluent-operator-staging.yaml new file mode 100644 index 0000000..76b31ec --- /dev/null +++ b/kustomize/shared/tools/confluent-operator-staging.yaml 
@@ -0,0 +1,17 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: confluent + namespace: dev +spec: + interval: 1m + chart: + spec: + chart: confluent-for-kubernetes + sourceRef: + kind: HelmRepository + name: confluent-private + namespace: flux-system + values: + image: + registry: confluent-docker-internal-early-access-operator-2.jfrog.io \ No newline at end of file diff --git a/kustomize/shared/tools/kustomization.yaml b/kustomize/shared/tools/kustomization.yaml index 6cff2a3..9e9ecd3 100644 --- a/kustomize/shared/tools/kustomization.yaml +++ b/kustomize/shared/tools/kustomization.yaml @@ -5,4 +5,7 @@ resources: - namespace.yaml - proxy.yaml - ldap.yaml - - confluent-operator-credentials.yaml \ No newline at end of file + - confluent-operator-credentials.yaml + - confluent-operator-dev.yaml + - confluent-operator-staging.yaml + - confluent-operator-production.yaml \ No newline at end of file From 3f8122fdbb6886b3aa70c5f30c5c824fc3ddd743 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Tue, 18 May 2021 14:56:49 +0100 Subject: [PATCH 22/46] debug --- kustomize/shared/tools/confluent-operator-production.yaml | 2 +- kustomize/shared/tools/confluent-operator-staging.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/kustomize/shared/tools/confluent-operator-production.yaml b/kustomize/shared/tools/confluent-operator-production.yaml index 76b31ec..6528066 100644 --- a/kustomize/shared/tools/confluent-operator-production.yaml +++ b/kustomize/shared/tools/confluent-operator-production.yaml @@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: confluent - namespace: dev + namespace: production spec: interval: 1m chart: diff --git a/kustomize/shared/tools/confluent-operator-staging.yaml b/kustomize/shared/tools/confluent-operator-staging.yaml index 76b31ec..a26230c 100644 --- a/kustomize/shared/tools/confluent-operator-staging.yaml 
+++ b/kustomize/shared/tools/confluent-operator-staging.yaml @@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: confluent - namespace: dev + namespace: staging spec: interval: 1m chart: From 5d69fb7f2692fb4ce317bc590a09c7f46030d90e Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Tue, 18 May 2021 15:02:37 +0100 Subject: [PATCH 23/46] debug --- ...aml => confluent-operator-helm-release.yaml} | 0 .../tools/confluent-operator-production.yaml | 17 ----------------- .../tools/confluent-operator-staging.yaml | 17 ----------------- 3 files changed, 34 deletions(-) rename kustomize/shared/tools/{confluent-operator-dev.yaml => confluent-operator-helm-release.yaml} (100%) delete mode 100644 kustomize/shared/tools/confluent-operator-production.yaml delete mode 100644 kustomize/shared/tools/confluent-operator-staging.yaml diff --git a/kustomize/shared/tools/confluent-operator-dev.yaml b/kustomize/shared/tools/confluent-operator-helm-release.yaml similarity index 100% rename from kustomize/shared/tools/confluent-operator-dev.yaml rename to kustomize/shared/tools/confluent-operator-helm-release.yaml diff --git a/kustomize/shared/tools/confluent-operator-production.yaml b/kustomize/shared/tools/confluent-operator-production.yaml deleted file mode 100644 index 6528066..0000000 --- a/kustomize/shared/tools/confluent-operator-production.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: confluent - namespace: production -spec: - interval: 1m - chart: - spec: - chart: confluent-for-kubernetes - sourceRef: - kind: HelmRepository - name: confluent-private - namespace: flux-system - values: - image: - registry: confluent-docker-internal-early-access-operator-2.jfrog.io \ No newline at end of file diff --git a/kustomize/shared/tools/confluent-operator-staging.yaml b/kustomize/shared/tools/confluent-operator-staging.yaml deleted file mode 100644 index a26230c..0000000 
--- a/kustomize/shared/tools/confluent-operator-staging.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: confluent - namespace: staging -spec: - interval: 1m - chart: - spec: - chart: confluent-for-kubernetes - sourceRef: - kind: HelmRepository - name: confluent-private - namespace: flux-system - values: - image: - registry: confluent-docker-internal-early-access-operator-2.jfrog.io \ No newline at end of file From ce9900aceaebfaa8bedaa573f4b63b46f3385de9 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Tue, 18 May 2021 15:05:54 +0100 Subject: [PATCH 24/46] updated --- kustomize/shared/tools/kustomization.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/kustomize/shared/tools/kustomization.yaml b/kustomize/shared/tools/kustomization.yaml index 9e9ecd3..77254c3 100644 --- a/kustomize/shared/tools/kustomization.yaml +++ b/kustomize/shared/tools/kustomization.yaml @@ -6,6 +6,4 @@ resources: - proxy.yaml - ldap.yaml - confluent-operator-credentials.yaml - - confluent-operator-dev.yaml - - confluent-operator-staging.yaml - - confluent-operator-production.yaml \ No newline at end of file + - confluent-operator-helm-release.yaml \ No newline at end of file From efe86570cc5ff4c10d6e38d075513b932b753a4f Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Tue, 18 May 2021 15:09:56 +0100 Subject: [PATCH 25/46] changing operator --- kustomize/shared/tools/confluent-operator-helm-release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kustomize/shared/tools/confluent-operator-helm-release.yaml b/kustomize/shared/tools/confluent-operator-helm-release.yaml index 76b31ec..a26230c 100644 --- a/kustomize/shared/tools/confluent-operator-helm-release.yaml +++ b/kustomize/shared/tools/confluent-operator-helm-release.yaml 
@@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: confluent - namespace: dev + namespace: staging spec: interval: 1m chart: From d8fd53ae80251d813480ebbc5216cb2c34755822 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Tue, 18 May 2021 15:17:53 +0100 Subject: [PATCH 26/46] adding CRDs direct to repo --- kustomize/base/crds/kustomization.yaml | 13 + ...rm.confluent.io_confluentrolebindings.yaml | 249 + .../crds/platform.confluent.io_connects.yaml | 3103 ++++++++++ .../platform.confluent.io_controlcenters.yaml | 3032 ++++++++++ ...latform.confluent.io_kafkarestclasses.yaml | 361 ++ .../crds/platform.confluent.io_kafkas.yaml | 4981 +++++++++++++++++ .../platform.confluent.io_kafkatopics.yaml | 287 + .../crds/platform.confluent.io_ksqldbs.yaml | 2719 +++++++++ .../platform.confluent.io_migrationjobs.yaml | 669 +++ ...latform.confluent.io_schemaregistries.yaml | 2333 ++++++++ .../platform.confluent.io_zookeepers.yaml | 1551 +++++ kustomize/base/kustomization.yaml | 1 + 12 files changed, 19299 insertions(+) create mode 100644 kustomize/base/crds/kustomization.yaml create mode 100644 kustomize/base/crds/platform.confluent.io_confluentrolebindings.yaml create mode 100644 kustomize/base/crds/platform.confluent.io_connects.yaml create mode 100644 kustomize/base/crds/platform.confluent.io_controlcenters.yaml create mode 100644 kustomize/base/crds/platform.confluent.io_kafkarestclasses.yaml create mode 100644 kustomize/base/crds/platform.confluent.io_kafkas.yaml create mode 100644 kustomize/base/crds/platform.confluent.io_kafkatopics.yaml create mode 100644 kustomize/base/crds/platform.confluent.io_ksqldbs.yaml create mode 100644 kustomize/base/crds/platform.confluent.io_migrationjobs.yaml create mode 100644 kustomize/base/crds/platform.confluent.io_schemaregistries.yaml create mode 100644 kustomize/base/crds/platform.confluent.io_zookeepers.yaml 
diff --git a/kustomize/base/crds/kustomization.yaml b/kustomize/base/crds/kustomization.yaml new file mode 100644 index 0000000..2ad3673 --- /dev/null +++ b/kustomize/base/crds/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - platform.confluent.io_confluentrolebindings.yaml + - platform.confluent.io_connects.yaml + - platform.confluent.io_controlcenters.yaml + - platform.confluent.io_kafkarestclasses.yaml + - platform.confluent.io_kafkas.yaml + - platform.confluent.io_kafkatopics.yaml + - platform.confluent.io_ksqldbs.yaml + - platform.confluent.io_migrationjobs.yaml + - platform.confluent.io_schemaregistries.yaml + - platform.confluent.io_zookeepers.yaml diff --git a/kustomize/base/crds/platform.confluent.io_confluentrolebindings.yaml b/kustomize/base/crds/platform.confluent.io_confluentrolebindings.yaml new file mode 100644 index 0000000..6ccc8de --- /dev/null +++ b/kustomize/base/crds/platform.confluent.io_confluentrolebindings.yaml 
@@ -0,0 +1,249 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: confluentrolebindings.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.state + name: Status + type: string + - JSONPath: .status.kafkaClusterId + name: KafkaClusterId + type: string + - JSONPath: .status.principal + name: Principal + type: string + - JSONPath: .status.role + name: Role + type: string + - JSONPath: .status.kafkaRestClass + name: KafkaRestClass + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.clusterRegistryName + name: ClusterRegistryName + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ConfluentRolebinding + listKind: ConfluentRolebindingList + plural: confluentrolebindings + shortNames: + - cfrb + - confluentrolebinding + singular: confluentrolebinding + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: ConfluentRolebinding is the Schema for the confluentrolebinding + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfluentRolebindingSpec defines the desired state of rolebinding + for cp component when rbac is enabled + properties: + clustersScopeByIds: + description: ClusterScope defines the scope of clustersId + properties: + connectClusterId: + minLength: 1 + type: string + kafkaClusterId: + minLength: 1 + type: string + ksqlClusterId: + minLength: 1 + type: string + schemaRegistryClusterId: + minLength: 1 + type: string + type: object + clustersScopeByRegistryName: + description: ClusterRegistryName defines the unique cluster name customer + registered in cluster registry + minLength: 1 + type: string + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + principal: + description: Principal defines the confluent rolebinding principal name + and the binding details. 
+ properties: + name: + description: Name defines the name of the principal(user/group) + minLength: 1 + type: string + type: + enum: + - user + - group + type: string + required: + - name + - type + type: object + resourcePatterns: + description: ResourcePatterns define the qualified resources associated + with this rolebinding + items: + description: ResourcePattern define the qualified resource info associated + with this rolebinding + properties: + name: + description: Name defines the name of resource associated with + this rolebinding + minLength: 1 + type: string + patternType: + description: PatternType defines whether the pattern of resource + is PREFIXED or LITERAL, default is LITERAL if not set + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: ResourceType defines the type of resource + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + description: Role defines the name of the Role + minLength: 1 + type: string + required: + - principal + - role + type: object + status: + description: ConfluentRolebindingStatus defines the observed state of ConfluentRolebinding + properties: + clusterRegistryName: + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' 
+ type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + kafkaClusterId: + type: string + kafkaRestClass: + type: string + mdsEndpoint: + type: string + principal: + type: string + resourcePatterns: + items: + description: ResourcePattern define the qualified resource info associated + with this rolebinding + properties: + name: + description: Name defines the name of resource associated with + this rolebinding + minLength: 1 + type: string + patternType: + description: PatternType defines whether the pattern of resource + is PREFIXED or LITERAL, default is LITERAL if not set + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: ResourceType defines the type of resource + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + type: string + state: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/crds/platform.confluent.io_connects.yaml b/kustomize/base/crds/platform.confluent.io_connects.yaml new file mode 100644 index 0000000..b94a2ea --- /dev/null +++ b/kustomize/base/crds/platform.confluent.io_connects.yaml 
@@ -0,0 +1,3103 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: connects.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Connect + listKind: ConnectList + plural: connects + shortNames: + - connect + singular: connect + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Connect is the Schema for the Connects API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConnectSpec defines the desired state of Connect + properties: + authentication: + description: Rest server security fields + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform 
component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + connectorOverridePolicy: + description: ConnectorOverridePolicy allows policy to permit per-connector + override configuration for producer/consumer/admin prefix. More information + can be found here, https://docs.confluent.io/platform/current/connect/security.html#separate-principals + enum: + - All + - Principal + type: string + dependencies: + description: ConnectDependencies holds dependencies a connect requires + or can enable + properties: + admin: + description: configure admin client If bootstrapEndpoint is not + configured, the security is configured based on the kafka dependencies + configuration. Configure if different bootstrapEndpoint is required + for admin client + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + consumer: + description: Consumer security configuration to connect to Kafka + Cluster pointed by bootstrapEndpoint, used for sink connectors. + If bootstrapEndpoint is not configured, the security is configured + based on the kafka dependencies configuration. Configure if different + bootstrapEndpoint is required for consumer + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + interceptor: + description: configure confluent monitoring interceptor + properties: + configs: + description: Configs defines configs for the CP interceptor + Config override feature can be used to pass config + items: + type: string + type: array + consumer: + description: Consumer defines the consumer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: Enabled defines to enable the CP interceptor configuration + type: boolean + producer: + description: Producer defines the producer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: Connect dependency for connecting to kafka. Uses discovery + if that specified + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: Mds configurations for when RBAC is enabled + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, 
listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + producer: + description: Producer security configuration to connect to Kafka + Cluster pointed by bootstrapEndpoint, used for source connectors. + If bootstrapEndpoint is not configured, the security is configured + based on the kafka dependencies configuration. 
Configure if different + bootstrapEndpoint/security is required for producer + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where 
keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + schemaRegistry: + description: configure connect dependency for schemaregistry + properties: + authentication: + description: Authentication defines the authentication for the + schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). 
This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: 
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + enableSchemas: + description: EnableSchemas defines whether to enable scheme or not + type: boolean + externalAccess: + description: CPExternalAccess holds all external access policies for + non-kafka components + properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. 
+ type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. + items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. 
+ If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? -> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. 
For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' 
+ type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. 
If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. 
Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. 
It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. 
For pod labels, use podTemplate.labels + type: object + internalTopicReplicationFactor: + description: ' InternalTopicReplicationFactor defines internal topic + replication factor If not configured, it will be configured as 3' + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + keyConverterType: + description: KeyConverter defines the supported converters package for + CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters + By default, it is configured as org.apache.kafka.connect.json.JsonConverter + minLength: 1 + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: Storage class used for creating pvc's of created connect + pods + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: TLS allows configuring CP Component's server configuration + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + valueConverterType: + description: ValueConverter defines the supported converters package + for CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters + By default, it is configured as org.apache.kafka.connect.json.JsonConverter + minLength: 1 + type: string + required: + - image + - replicas + type: object + status: + description: ConnectStatus defines the observed state of Connect + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the 
name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + groupId: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + 
type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/crds/platform.confluent.io_controlcenters.yaml b/kustomize/base/crds/platform.confluent.io_controlcenters.yaml new file mode 100644 index 0000000..b2c2a1d --- /dev/null +++ b/kustomize/base/crds/platform.confluent.io_controlcenters.yaml 
@@ -0,0 +1,3032 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: controlcenters.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ControlCenter + listKind: ControlCenterList + plural: controlcenters + shortNames: + - controlcenter + - c3 + singular: controlcenter + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: ControlCenter is the Schema for the controlcenter API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ControlCenterSpec defines the desired state of ControlCenter + properties: + authentication: + description: Authentication defines the rest-endpoint configuration + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + ldap: + description: C3LdapAuthentication defines ldap authentication + properties: + property: + additionalProperties: + type: string + description: Property defines all the properties for LDAP configuration + Make sure to use secret object to pass username/password + type: object + restrictedRoles: + description: RestrictedRoles defines restricted access roles + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. 
+ items: + type: string + minItems: 1 + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - ldap + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization defines authorization configurations + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the data size for PV + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines all the dependencies service configuration + properties: + connect: + description: Connect defines connect worker dependencies configuration + items: + description: ControlCenterConnectDependency + properties: + authentication: + description: Authentication defines the authentication for + the connect cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. 
This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side TLS + setting for connect cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL 
defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + kafka: + description: Kafka defines kafka dependencies configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + 
directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + ksqldb: + description: KsqlDB defines ksqldb dependencies configuration + items: + description: ControlCenterKSQLDependency + properties: + advertisedUrl: + description: AdvertisedURL defines the advertised url to use + in browser. 
+ minLength: 1 + pattern: ^https?://.* + type: string + authentication: + description: Authentication defines the authentication for + the ksqldb cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + type: string + tls: + description: TLSDependencyConfig defines the client side TLS + setting for ksqldb cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + mds: + description: MDSDependencies defines the RBAC dependencies configurations + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines 
the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistry defines schema registry dependencies + configuration + 
properties: + authentication: + description: Authentication defines the authentication for the + schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + clusters: + items: + description: ControlCenterMultiSchemaRegistryDependency + properties: + authentication: + description: Authentication defines the authentication + for the schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to + pass basic credential through directory path + in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted + roles on the server side only. Changes will + be only reflected in ControlCenter (C3). 
This + configuration is ignored on the client side + configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration + is ignored on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication + scheme for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side + TLS setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: ExternalAccess defines the external access configuration + properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. 
This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. 
+ items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. + If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? 
-> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. 
PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. 
If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. 
Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. 
Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. 
It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + id: + description: ControlCenterID identifier used as a prefix so that multiple + instances of Control Center can co-exist. + format: int32 + type: integer + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. 
For pod labels, use podTemplate.labels + type: object + internalTopicReplicatorFactor: + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + mail: + description: ControlCenterSMTPServer, these settings control the SMTP + server and account used when an alerts triggers the email action. + properties: + authentication: + description: Authentication SMTP supports basic authentication support + only For other types of authentication use config overrides capability. + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). 
This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for + Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + checkServerIdentity: + description: CheckServerIdentity forces validation of server’s certificate + when using STARTTLS or SSL. + type: boolean + hostname: + description: Hostname of outgoing SMTP server + minLength: 1 + type: string + mailBounceAddress: + description: MailBounceAddress override for MailFrom config to send + message + minLength: 1 + type: string + mailFrom: + description: MailFrom the originating address for emails sent from + Control Center. + minLength: 1 + type: string + port: + description: Port SMTP port open on for hostname + format: int32 + type: integer + startTLSRequired: + description: StartTLSRequired forces using STARTTLS. 
+ type: boolean + required: + - hostname + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + monitoringKafkaClusters: + description: MonitoringKafkaClusters defines configuring monitoring + clusters + items: + description: MonitoringKafkaClusters kafka cluster configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side TLS setting + for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + type: object + type: array + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + name: + description: ControlCenterName name of the cluster + type: string + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: StorageClass defines user provided storage class reference + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: TLS defines tls configuration for rest-endpoint + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: ControlCenterStatus defines the observed state of ControlCenter + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + controlCenterName: + type: string + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + id: + format: int32 + type: integer + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + 
type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + required: + - id + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: []
diff --git a/kustomize/base/crds/platform.confluent.io_kafkarestclasses.yaml b/kustomize/base/crds/platform.confluent.io_kafkarestclasses.yaml
new file mode 100644
index 0000000..2158aca
--- /dev/null
+++ b/kustomize/base/crds/platform.confluent.io_kafkarestclasses.yaml
@@ -0,0 +1,361 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkarestclasses.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaRestClass + listKind: KafkaRestClassList + plural: kafkarestclasses + shortNames: + - krc + - kafkarestclass + singular: kafkarestclass + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: KafkaRestClass is the Schema for the kafkarestclasses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaRestClassSpec defines the desired state of KafkaRestClass + properties: + kafkaClusterRef: + description: KafkaClusterRef defines the name of the kafka cluster + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + kafkaRest: + description: KafkaRestApiInfo defines Kafka Rest API configuration + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. 
This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + bearer: + description: BearerAuthentication used by MDS clients + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + secondaryKafkaClusterRef: + description: SecondaryKafkaClusterRef defines the name of the secondary + kafka cluster when using centralized RBAC + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + secondaryKafkaRest: + description: SeconaryKafkaRestApiInfo defines secondary Kafka Rest API + configuration when using centralized RBAC + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through 
directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + bearer: + description: BearerAuthentication used by MDS clients + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + status: + description: KafkaRestClassStatus defines the observed state of KafkaRestClass + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' 
+ type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + endpoint: + description: Endpoint defines the kafkarest/mds endpoint + type: string + kafkaClusterId: + description: KafkaClusterId defines the cluster id of kafka cluster + If using centralized RBAC and kafkarestclass is for secondary kafka + cluster, it will be clusterId of secondary kafka cluster + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/crds/platform.confluent.io_kafkas.yaml b/kustomize/base/crds/platform.confluent.io_kafkas.yaml new file mode 100644 index 0000000..00cfcb9 --- /dev/null +++ b/kustomize/base/crds/platform.confluent.io_kafkas.yaml 
@@ -0,0 +1,4981 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkas.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.zookeeperConnect + name: Zookeeper + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Kafka + listKind: KafkaList + plural: kafkas + shortNames: + - kafka + - broker + singular: kafka + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Kafka is the Schema for the kafkas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSpec defines the desired state of CP component, Kafka + Server + properties: + authorization: + description: Authorization defines authorization support + properties: + superUsers: + description: SuperUsers defines list of supers user to give admin + privilege on the Kafka Cluster This list takes the format as User: + items: + type: string + type: array + type: + enum: + - rbac + - simple + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the PV capacity. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines all the kafka dependencies like zookeeper + and centralized MDS settings + properties: + kafkaRest: + description: KafkaRestApiClientDep provides rest client auth for + MDS when RBAC is enabled + properties: + authentication: + description: Authentication defines authentication of Kafka + Rest API + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API + is running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls + configuration to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: KafkaPrimaryMetaDataServerDep configure a secondary + Kafka cluster managed by the MDS of the primary Kafka cluster + properties: + endpoint: + description: URLEndpoint defines the URL endpoint in format + http|s://:port + minLength: 1 + pattern: ^https?://.* + type: string + kafka: + description: KafkaClientDependency allows configuring CP component + dependency to configure kafka settings + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: MDSTokenKeyPair load either through secretRef or + directory path + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - endpoint + - kafka + - tokenKeyPair + type: object + zookeeper: + description: KafkaZookeeperDependencies + properties: + authentication: + description: KafkaClientAuthentication defines the authentication + structure for all dependent CP Component for Kafka Cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + discovery: + description: Discovery discover structure used by Confluent + platform (CP) + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + endpoint: + description: Endpoint defines the endpoint for service is format + endpoint:port + minLength: 1 + pattern: .+:[0-9]+ + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. 
More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + listeners: + description: Listeners defines listeners configurations + properties: + custom: + items: + description: KafkaCustomListener ... 
+ properties: + authentication: + description: KafkaZkAuthentication defines authentication + structure for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + externalAccess: + description: KafkaExternalAccess allows to configure external + access for Kafka cluster + properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the + user wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least + one of 'backend' or 'rules' must be specified. + This field is optional to allow the loadbalancer + controller or defaulting logic to specify a + global default. 
+ properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of + the Ingress object. If resource is specified, + serviceName and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is the group for + the resource being referenced. If APIGroup + is not specified, the specified Kind + must be in the core API group. For any + other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used + to set a default value for this field. For more + information, refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. 
Incoming requests + are first evaluated for a host match, then + routed to the backend associated with the + matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to + \ the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected + because ports are not allowed. \t Currently + the port of an Ingress is implicitly :80 + for http and \t :443 for https. Both + these may change in the future. Incoming + requests are matched against the host + before the IngressRuleValue. If the host + is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a + domain name without the terminating dot + of a network host (e.g. \"foo.bar.com\") + or \"wildcard\", which is a domain name + prefixed with a single wildcard label + (e.g. \"*.foo.com\"). The wildcard character + '*' must appear by itself as the first + DNS label and matches only a single label. + You cannot have a wildcard label by itself + (e.g. Host == \"*\"). Requests will be + matched against the Host field in the + following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a + list of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource + will be used to match against everything + after the last ''/'' and before the first + ''?'' or ''#''.' 
+ properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming + urls matching the path are forwarded + to the backend. + properties: + backend: + description: Backend defines the + referenced service endpoint + to which the traffic will be + forwarded to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not + be specified. + properties: + apiGroup: + description: APIGroup + is the group for the + resource being referenced. + If APIGroup is not specified, + the specified Kind must + be in the core API group. + For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the + name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the + port of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a + URL path prefix split by ''/''. + Matching is done on a path + element by element basis. 
A + path element refers is the list + of labels in the path split + by the ''/'' separator. A request + is a match for path p if every + p is an element-wise prefix + of p of the request path. + Note that if the last element + of the path is a substring of + the last element in request + path, it is not a match (e.g. + /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). + * ImplementationSpecific: Interpretation + of the Path matching is up to the + IngressClass. Implementations + can treat this as a separate + PathType or treat it identically + to Prefix or Exact path types. + Implementations are required + to support all path types. Defaults + to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the + Ingress only supports a single TLS port, 443. + If multiple members of this list specify different + hosts, they will be multiplexed on the same + port according to the hostname specified through + the SNI TLS extension, if the ingress controller + fulfilling the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in + this list must match the name/s used in + the tlsSecret. Defaults to the wildcard + host setting for the loadbalancer controller + fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for + termination and value of the Host header + is used for routing. 
+ type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type load balancer + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added + as bootstrapPrefix.domain If not configured it will + be the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. 
This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing + order with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. 
Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the OpenShift service type route + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added + as bootstrapPrefix.domain If not configured it will + be the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: StaticForHostBasedRouting allows to integrate + with external ingress controllers by doing host based + routing through SNI capability. With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. 
+ properties: + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + port: + description: Port defines the port to be used in the + advertised listener for a broker + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: StaticForPortBasedRouting allows to enable + external access by port routing With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. + properties: + host: + description: Host defines the host name to be used + in the advertised listener for a broker + minLength: 1 + type: string + portOffset: + description: PortOffset defines the portOffset to + be used and will go in the increasing order with + respect to the replicas count + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + name: + description: Name defines the name of the custom listener + internal/external/token can't be used as they are reserved + by the Operator + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: Port will bind given port to the custom listener. + Port < 9093 is reserved by the Operator + format: int32 + minimum: 9093 + type: integer + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). 
+ properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + - port + type: object + type: array + external: + description: KafkaExternalAccessListener is the kafka specific external + listener + properties: + authentication: + description: KafkaZkAuthentication defines authentication structure + for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + externalAccess: + description: KafkaExternalAccess allows to configure external + access for Kafka cluster + properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user + wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least one + of 'backend' or 'rules' must be specified. This + field is optional to allow the loadbalancer controller + or defaulting logic to specify a global default. + properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of the + Ingress object. If resource is specified, + serviceName and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. 
If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used to + set a default value for this field. For more information, + refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. Incoming requests + are first evaluated for a host match, then routed + to the backend associated with the matching + IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. 
Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to the + IP in the Spec of the parent Ingress. 2. + The `:` delimiter is not respected because + ports are not allowed. \t Currently the + port of an Ingress is implicitly :80 for + http and \t :443 for https. Both these + may change in the future. Incoming requests + are matched against the host before the + IngressRuleValue. If the host is unspecified, + the Ingress routes all traffic based on + the specified IngressRuleValue. \n Host + can be \"precise\" which is a domain name + without the terminating dot of a network + host (e.g. \"foo.bar.com\") or \"wildcard\", + which is a domain name prefixed with a single + wildcard label (e.g. \"*.foo.com\"). The + wildcard character '*' must appear by itself + as the first DNS label and matches only + a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests + will be matched against the Host field in + the following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list + of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource will + be used to match against everything after + the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming urls + matching the path are forwarded to + the backend. 
+ properties: + backend: + description: Backend defines the + referenced service endpoint to + which the traffic will be forwarded + to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is + the group for the resource + being referenced. If APIGroup + is not specified, the + specified Kind must be + in the core API group. + For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name + of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port + of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a URL + path prefix split by ''/''. Matching + is done on a path element by + element basis. A path element + refers is the list of labels + in the path split by the ''/'' + separator. A request is a match + for path p if every p is an element-wise + prefix of p of the request path. 
+ Note that if the last element + of the path is a substring of + the last element in request path, + it is not a match (e.g. /foo/bar matches + /foo/bar/baz, but does not match + /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching + is up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix + or Exact path types. Implementations + are required to support all path + types. Defaults to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress + only supports a single TLS port, 443. If multiple + members of this list specify different hosts, + they will be multiplexed on the same port according + to the hostname specified through the SNI TLS + extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in this + list must match the name/s used in the tlsSecret. + Defaults to the wildcard host setting for + the loadbalancer controller fulfilling this + Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for termination + and value of the Host header is used for + routing. 
+ type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added as + bootstrapPrefix.domain If not configured it will be + the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. 
This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. 
+ Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added as + bootstrapPrefix.domain If not configured it will be + the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: StaticForHostBasedRouting allows to integrate + with external ingress controllers by doing host based + routing through SNI capability. With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. 
+ properties: + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + port: + description: Port defines the port to be used in the + advertised listener for a broker + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: StaticForPortBasedRouting allows to enable + external access by port routing With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. + properties: + host: + description: Host defines the host name to be used in + the advertised listener for a broker + minLength: 1 + type: string + portOffset: + description: PortOffset defines the portOffset to be + used and will go in the increasing order with respect + to the replicas count + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + internal: + description: Listener is the base fields for component listener + configuration + properties: + authentication: + description: KafkaZkAuthentication defines authentication structure + for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + 
metricReporter: + description: MetricsReporter defines the metric reporter configuration + which will be enabled by default, and piggyback internal listener's + authentication and TLS if it is not set + properties: + authentication: + description: KafkaClientAuthentication defines the authentication + structure for all dependent CP Component for Kafka Cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + type: string + enabled: + type: boolean + replicationFactor: + format: int32 + type: integer + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - enabled + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + 
minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. 
+ The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. 
+ The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. 
+ type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. 
due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + rackAssignment: + description: RackAssignment defines the rack awareness capability for + kafka + properties: + availabilityZoneCount: + description: AvailabilityZoneCount if configured will configure + broker.rack with formula (pod_id % azCount) this is mainly for + backwards compatibility with Operator 1.0 + format: int32 + type: integer + nodeLabels: + description: NodeLabels if configured uses the kubernetes node APIs + to to retrieve the value to be used in the broker.rack. This feature + requires Confluent Operaotr to run in cluster-level access + items: + type: string + minItems: 1 + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. 
Change will roll the cluster + format: int32 + type: integer + services: + description: KafkaServices defines services supported part of kafka + properties: + kafkaRest: + description: RestApiServer embedded rest api server + properties: + externalAccess: + description: CPExternalAccess holds all external access policies + for non-kafka components + properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user + wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least one + of 'backend' or 'rules' must be specified. This + field is optional to allow the loadbalancer controller + or defaulting logic to specify a global default. + properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of the + Ingress object. If resource is specified, + serviceName and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. 
+ x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used to + set a default value for this field. For more information, + refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. Incoming requests + are first evaluated for a host match, then routed + to the backend associated with the matching + IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to the + IP in the Spec of the parent Ingress. 2. + The `:` delimiter is not respected because + ports are not allowed. \t Currently the + port of an Ingress is implicitly :80 for + http and \t :443 for https. Both these + may change in the future. Incoming requests + are matched against the host before the + IngressRuleValue. If the host is unspecified, + the Ingress routes all traffic based on + the specified IngressRuleValue. 
\n Host + can be \"precise\" which is a domain name + without the terminating dot of a network + host (e.g. \"foo.bar.com\") or \"wildcard\", + which is a domain name prefixed with a single + wildcard label (e.g. \"*.foo.com\"). The + wildcard character '*' must appear by itself + as the first DNS label and matches only + a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests + will be matched against the Host field in + the following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list + of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource will + be used to match against everything after + the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming urls + matching the path are forwarded to + the backend. + properties: + backend: + description: Backend defines the + referenced service endpoint to + which the traffic will be forwarded + to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is + the group for the resource + being referenced. If APIGroup + is not specified, the + specified Kind must be + in the core API group. + For any other third-party + types, APIGroup is required. 
+ type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name + of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port + of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a URL + path prefix split by ''/''. Matching + is done on a path element by + element basis. A path element + refers is the list of labels + in the path split by the ''/'' + separator. A request is a match + for path p if every p is an element-wise + prefix of p of the request path. + Note that if the last element + of the path is a substring of + the last element in request path, + it is not a match (e.g. /foo/bar matches + /foo/bar/baz, but does not match + /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching + is up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix + or Exact path types. Implementations + are required to support all path + types. Defaults to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. 
Currently the Ingress + only supports a single TLS port, 443. If multiple + members of this list specify different hosts, + they will be multiplexed on the same port according + to the hostname specified through the SNI TLS + extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in this + list must match the name/s used in the tlsSecret. + Defaults to the wildcard host setting for + the loadbalancer controller fulfilling this + Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for termination + and value of the Host header is used for + routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + port: + description: Port allows to configure external port + for client consumption If not configured, same internal/external + port will be configured per component Information + about the port can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. 
If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. 
+ Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: 
string + required: + - enabled + type: object + type: object + mds: + description: MetaDataServer + properties: + authentication: + description: MDSAuthentication supported MDS server configuration + properties: + type: + enum: + - bearer + type: string + required: + - type + type: object + externalAccess: + description: CPExternalAccess holds all external access policies + for non-kafka components + properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user + wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least one + of 'backend' or 'rules' must be specified. This + field is optional to allow the loadbalancer controller + or defaulting logic to specify a global default. + properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of the + Ingress object. If resource is specified, + serviceName and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. 
+ x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used to + set a default value for this field. For more information, + refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. Incoming requests + are first evaluated for a host match, then routed + to the backend associated with the matching + IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to the + IP in the Spec of the parent Ingress. 2. + The `:` delimiter is not respected because + ports are not allowed. \t Currently the + port of an Ingress is implicitly :80 for + http and \t :443 for https. Both these + may change in the future. Incoming requests + are matched against the host before the + IngressRuleValue. If the host is unspecified, + the Ingress routes all traffic based on + the specified IngressRuleValue. 
\n Host + can be \"precise\" which is a domain name + without the terminating dot of a network + host (e.g. \"foo.bar.com\") or \"wildcard\", + which is a domain name prefixed with a single + wildcard label (e.g. \"*.foo.com\"). The + wildcard character '*' must appear by itself + as the first DNS label and matches only + a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests + will be matched against the Host field in + the following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list + of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource will + be used to match against everything after + the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming urls + matching the path are forwarded to + the backend. + properties: + backend: + description: Backend defines the + referenced service endpoint to + which the traffic will be forwarded + to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is + the group for the resource + being referenced. If APIGroup + is not specified, the + specified Kind must be + in the core API group. + For any other third-party + types, APIGroup is required. 
+ type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name + of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port + of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a URL + path prefix split by ''/''. Matching + is done on a path element by + element basis. A path element + refers is the list of labels + in the path split by the ''/'' + separator. A request is a match + for path p if every p is an element-wise + prefix of p of the request path. + Note that if the last element + of the path is a substring of + the last element in request path, + it is not a match (e.g. /foo/bar matches + /foo/bar/baz, but does not match + /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching + is up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix + or Exact path types. Implementations + are required to support all path + types. Defaults to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. 
Currently the Ingress + only supports a single TLS port, 443. If multiple + members of this list specify different hosts, + they will be multiplexed on the same port according + to the hostname specified through the SNI TLS + extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in this + list must match the name/s used in the tlsSecret. + Defaults to the wildcard host setting for + the loadbalancer controller fulfilling this + Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for termination + and value of the Host header is used for + routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + port: + description: Port allows to configure external port + for client consumption If not configured, same internal/external + port will be configured per component Information + about the port can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. 
If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. 
+ Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + provider: + properties: + ldap: + description: LdapService LDAP configuration for RBAC + properties: + address: + type: string + authentication: + description: LdapAuthentication supported ldap configuration + for RBAC + properties: + simple: + description: LdapSimpleAuthentication load credential + either for secret or directory path in container + for RBAC + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - simple + - mtls + type: string + required: + - type + type: object + configurations: + description: LdapSettings ldap configurations for CP + RBAC. 
Anything missing can be passed through configOverride + capability + properties: + groupMemberAttribute: + minLength: 1 + type: string + groupMemberAttributePattern: + minLength: 1 + type: string + groupNameAttribute: + minLength: 1 + type: string + groupObjectClass: + minLength: 1 + type: string + groupSearchBase: + minLength: 1 + type: string + groupSearchFilter: + minLength: 1 + type: string + groupSearchScope: + format: int32 + type: integer + userMemberOfAttributePattern: + minLength: 1 + type: string + userNameAttribute: + minLength: 1 + type: string + userObjectClass: + minLength: 1 + type: string + userSearchBase: + minLength: 1 + type: string + userSearchFilter: + minLength: 1 + type: string + userSearchScope: + format: int32 + type: integer + type: object + tls: + description: ClientTLSConfig defines TLS configuration + for CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name + referenced for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be + found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - address + - authentication + - configurations + type: object + type: + enum: + - ldap + type: string + required: + - ldap + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: MDSTokenKeyPair load either through secretRef or + directory path + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - provider + - tokenKeyPair + type: object + type: object + storageClass: + description: StorageClass defines the user provided storage class. If + not configured, it will use default storage class. 
+ properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. + type: boolean + type: object + tls: + description: TLS defines the global level TLS configuration which can + be used by listeners and services if they all want to share same certificate. + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. 
CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: KafkaStatus defines the observed state of KafkaServer + properties: + authorizationType: + type: string + brokerIdOffset: + format: int32 + type: integer + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + externalClient: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + listeners: + additionalProperties: + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + client: + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + minISR: + format: int32 + type: integer + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + readyReplicas: + description: ReadyReplicas defines current ready 
replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + replicationFactor: + format: int32 + type: integer + services: + additionalProperties: + description: ListenerStatus describes general information about a + listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + zookeeperConnect: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/crds/platform.confluent.io_kafkatopics.yaml b/kustomize/base/crds/platform.confluent.io_kafkatopics.yaml new file mode 100644 index 0000000..e6afabd --- /dev/null +++ b/kustomize/base/crds/platform.confluent.io_kafkatopics.yaml 
@@ -0,0 +1,287 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkatopics.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.partitionCount + name: Partition + type: string + - JSONPath: .status.state + name: Status + type: string + - JSONPath: .status.kafkaClusterId + name: ClusterId + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaTopic + listKind: KafkaTopicList + plural: kafkatopics + shortNames: + - kt + - topic + singular: kafkatopic + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: KafkaTopic is the Schema for the kafkatopics API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaTopicSpec defines the desired state of KafkaTopic + properties: + configs: + additionalProperties: + type: string + description: Configs allows passing configs for topic More information + about topic configs is available here https://docs.confluent.io/current/installation/configuration/topic-configs.html + type: object + kafkaClusterRef: + description: KafkaClusterRef defines the name of the kafka cluster + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + kafkaRest: + description: KafkaRestRef defines the Kafka Rest API configuration + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. 
This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + bearer: + description: BearerAuthentication used by MDS clients + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + name: + description: Name defines the topic name. If not configured uses the + CR name as topic name. 
+ maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\._\-]*$ + type: string + partitionCount: + description: PartitionCount defines the partition count + format: int32 + minimum: 1 + type: integer + replicas: + description: Replicas defines the replication factor for a topic + format: int32 + minimum: 1 + type: integer + type: object + status: + description: KafkaTopicStatus defines the observed state of KafkaTopic + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + kafkaClusterId: + type: string + kafkaRestEndpoint: + type: string + partitionCount: + format: int32 + type: integer + replicas: + format: int32 + type: integer + state: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/crds/platform.confluent.io_ksqldbs.yaml b/kustomize/base/crds/platform.confluent.io_ksqldbs.yaml new file mode 100644 index 0000000..5f99859 --- /dev/null +++ b/kustomize/base/crds/platform.confluent.io_ksqldbs.yaml 
@@ -0,0 +1,2719 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: ksqldbs.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KsqlDB + listKind: KsqlDBList + plural: ksqldbs + shortNames: + - ksqldb + - ksql + singular: ksqldb + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: KsqlDB is the Schema for the ksql API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSpec defines the desired state of CP component, Kafka + Server + properties: + authentication: + description: Authentication specifies whether auth is needed when accessing + the ksqlDB rest server. + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization configuration defines RBAC configuration + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + 
description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: Data volume + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines dependencies Kafka, interceptor, schemaregistry, + mds dependencies + properties: + interceptor: + description: InterceptorDependency defines interceptor settings + for CP component + properties: + configs: + description: Configs defines configs for the CP interceptor + Config override feature can be used to pass config + items: + type: string + type: array + consumer: + description: Consumer defines the consumer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: Enabled defines to enable the CP interceptor configuration + type: boolean + producer: + description: Producer defines the producer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: KafkaClientDependency allows configuring CP component + dependency to configure kafka settings + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MDSDependencies defines MDS configure when CP RBAC + is enabled + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + 
component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistryClientDependency allows configuring CP + component dependency to configure schemaRegistry settings + properties: + authentication: + description: Authentication defines the authentication for the + 
schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: Provides configuring endpoints and services to make ksqlDB + accessible from outside the cluster + properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. 
This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. 
+ items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. + If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? 
-> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. 
PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. 
If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. 
Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. 
Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. 
It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicationFactor: + description: Replication factor for internal topics + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. 
If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP 
component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. 
+ properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. 
The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: Storage class used for creating pvc's of created ksqlDB + pods + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: Specifies TLS configurations for the ksqlDB rest server. + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: KsqlDBStatus defines the observed state of KSQLServer + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + 
type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + serviceId: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/crds/platform.confluent.io_migrationjobs.yaml b/kustomize/base/crds/platform.confluent.io_migrationjobs.yaml new file mode 100644 index 0000000..ead0c24 --- /dev/null +++ b/kustomize/base/crds/platform.confluent.io_migrationjobs.yaml 
@@ -0,0 +1,669 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: migrationjobs.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: MigrationJob + listKind: MigrationJobList + plural: migrationjobs + shortNames: + - migrationjob + - migration + singular: migrationjob + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: MigrationJob is the Schema for the migrationjobs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MigrationJobSpec defines the desired state of MigrationJob + properties: + blockReconcile: + type: boolean + connect: + description: ConnectMigrationJobSpec defines the desired state of Connect + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + controlcenter: + description: ControlCenterMigrationJobSpec defines the desired state + of ControlCenter after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. 
It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + initContainerImage: + minLength: 1 + type: string + kafka: + description: KafkaMigrationJobSpec defines the descired state of Kafka + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + ksqldb: + description: KsqlDBMigrationJobSpec defines the desired state of KsqlDB + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. 
+ Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + pullSecretRef: + items: + type: string + type: array + replicator: + description: ReplicatorMigrationJobSpec defines the desired state of + Replicator after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. 
It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + schemaRegistry: + description: SchemaRegistryMigrationJobSpec defines the desired state + of SchemaRegistry after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + skipCleanup: + type: boolean + skipRollback: + type: boolean + zookeeper: + description: ZookeeperMigrationJobSpec defines the desired state of + Zookeeper after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. 
+ Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + required: + - initContainerImage + type: object + status: + description: MigrationJobStatus defines the observed state of MigrationJob + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + connect: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + controlcenter: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + kafka: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + ksqldb: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + phase: + type: string + 
replicator: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + schemaRegistry: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + zookeeper: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + required: + - phase + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/crds/platform.confluent.io_schemaregistries.yaml b/kustomize/base/crds/platform.confluent.io_schemaregistries.yaml new file mode 100644 index 0000000..5d5723a --- /dev/null +++ b/kustomize/base/crds/platform.confluent.io_schemaregistries.yaml 
@@ -0,0 +1,2333 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: schemaregistries.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: SchemaRegistry + listKind: SchemaRegistryList + plural: schemaregistries + shortNames: + - schemaregistry + - sr + singular: schemaregistry + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: SchemaRegistry is the Schema for the schemaregistries API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SchemaRegistrySpec defines the desired state of SchemaRegistry + properties: + authentication: + description: Authentication defines the rest-endpoint configuration + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization defines authorization configurations + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines 
capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dependencies: + description: Dependencies defines all the dependencies service configuration + properties: + kafka: + description: Kafka defines kafka dependencies configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MDSDependencies defines the RBAC dependencies configurations + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + 
component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + type: object + externalAccess: + description: ExternalAccess defines the external access configuration + properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. 
Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. + items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. + If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. 
If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? -> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. 
Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. 
Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. 
+ properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). 
This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. 
All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicatorFactor: + format: int32 + minimum: 1 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: Storage defines + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: TLS defines tls configuration for rest-endpoint + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - image + - replicas + type: object + status: + description: SchemaRegistryStatus defines the observed state of SchemaRegistry + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + groupId: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + metricPrefix: + type: string + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint 
to connect + to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/crds/platform.confluent.io_zookeepers.yaml b/kustomize/base/crds/platform.confluent.io_zookeepers.yaml new file mode 100644 index 0000000..e8c7c7b --- /dev/null +++ b/kustomize/base/crds/platform.confluent.io_zookeepers.yaml 
@@ -0,0 +1,1551 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: zookeepers.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.endpoint + name: Endpoint + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Zookeeper + listKind: ZookeeperList + plural: zookeepers + shortNames: + - zookeeper + - zk + singular: zookeeper + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Zookeeper is the Schema for the zookeepers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ZookeeperSpec defines the desired state of Confluent Platform + (CP) component, Zookeeper + properties: + authentication: + description: Authentication defines support authentication configuration + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass required + credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced for + authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the data volume size + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. 
For pod labels, use podTemplate.labels + type: object + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + logVolumeCapacity: + anyOf: + - type: integer + - type: string + description: LogVolumeCapacity defines the log volume size + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: StorageClass defines the user provided storage class. If + not configured, it will use default storage class. + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLS defines TLS setting + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. 
+ type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - logVolumeCapacity + - replicas + type: object + status: + description: ZookeeperStatus defines the observed state of Zookeeper + properties: + authenticationType: + type: string + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. 
+ format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + endpoint: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + tls: + type: boolean + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml index f984546..5ac276b 100644 --- a/kustomize/base/kustomization.yaml +++ b/kustomize/base/kustomization.yaml 
@@ -1,6 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - crds - secrets - confluent - rolebindings From 97eb97d1167ec374e035004bf1281d7b708f31b0 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Tue, 18 May 2021 15:21:20 +0100 Subject: [PATCH 27/46] debug --- kustomize/{base => shared}/crds/kustomization.yaml | 0 .../crds/platform.confluent.io_confluentrolebindings.yaml | 0 .../{base => shared}/crds/platform.confluent.io_connects.yaml | 0 .../crds/platform.confluent.io_controlcenters.yaml | 0 .../crds/platform.confluent.io_kafkarestclasses.yaml | 0 kustomize/{base => shared}/crds/platform.confluent.io_kafkas.yaml | 0 .../{base => shared}/crds/platform.confluent.io_kafkatopics.yaml | 0 .../{base => shared}/crds/platform.confluent.io_ksqldbs.yaml | 0 .../crds/platform.confluent.io_migrationjobs.yaml | 0 .../crds/platform.confluent.io_schemaregistries.yaml | 0 .../{base => shared}/crds/platform.confluent.io_zookeepers.yaml | 0 11 files changed, 0 insertions(+), 0 deletions(-) rename kustomize/{base => shared}/crds/kustomization.yaml (100%) rename kustomize/{base => shared}/crds/platform.confluent.io_confluentrolebindings.yaml (100%) rename kustomize/{base => shared}/crds/platform.confluent.io_connects.yaml (100%) rename kustomize/{base => shared}/crds/platform.confluent.io_controlcenters.yaml (100%) rename kustomize/{base => shared}/crds/platform.confluent.io_kafkarestclasses.yaml (100%) rename kustomize/{base => shared}/crds/platform.confluent.io_kafkas.yaml (100%) rename kustomize/{base => shared}/crds/platform.confluent.io_kafkatopics.yaml (100%) rename kustomize/{base => shared}/crds/platform.confluent.io_ksqldbs.yaml (100%) rename kustomize/{base => shared}/crds/platform.confluent.io_migrationjobs.yaml (100%) rename kustomize/{base => shared}/crds/platform.confluent.io_schemaregistries.yaml (100%) rename kustomize/{base => shared}/crds/platform.confluent.io_zookeepers.yaml (100%) 
diff --git a/kustomize/base/crds/kustomization.yaml b/kustomize/shared/crds/kustomization.yaml similarity index 100% rename from kustomize/base/crds/kustomization.yaml rename to kustomize/shared/crds/kustomization.yaml diff --git a/kustomize/base/crds/platform.confluent.io_confluentrolebindings.yaml b/kustomize/shared/crds/platform.confluent.io_confluentrolebindings.yaml similarity index 100% rename from kustomize/base/crds/platform.confluent.io_confluentrolebindings.yaml rename to kustomize/shared/crds/platform.confluent.io_confluentrolebindings.yaml diff --git a/kustomize/base/crds/platform.confluent.io_connects.yaml b/kustomize/shared/crds/platform.confluent.io_connects.yaml similarity index 100% rename from kustomize/base/crds/platform.confluent.io_connects.yaml rename to kustomize/shared/crds/platform.confluent.io_connects.yaml diff --git a/kustomize/base/crds/platform.confluent.io_controlcenters.yaml b/kustomize/shared/crds/platform.confluent.io_controlcenters.yaml similarity index 100% rename from kustomize/base/crds/platform.confluent.io_controlcenters.yaml rename to kustomize/shared/crds/platform.confluent.io_controlcenters.yaml diff --git a/kustomize/base/crds/platform.confluent.io_kafkarestclasses.yaml b/kustomize/shared/crds/platform.confluent.io_kafkarestclasses.yaml similarity index 100% rename from kustomize/base/crds/platform.confluent.io_kafkarestclasses.yaml rename to kustomize/shared/crds/platform.confluent.io_kafkarestclasses.yaml diff --git a/kustomize/base/crds/platform.confluent.io_kafkas.yaml b/kustomize/shared/crds/platform.confluent.io_kafkas.yaml similarity index 100% rename from kustomize/base/crds/platform.confluent.io_kafkas.yaml rename to kustomize/shared/crds/platform.confluent.io_kafkas.yaml 
diff --git a/kustomize/base/crds/platform.confluent.io_kafkatopics.yaml b/kustomize/shared/crds/platform.confluent.io_kafkatopics.yaml similarity index 100% rename from kustomize/base/crds/platform.confluent.io_kafkatopics.yaml rename to kustomize/shared/crds/platform.confluent.io_kafkatopics.yaml diff --git a/kustomize/base/crds/platform.confluent.io_ksqldbs.yaml b/kustomize/shared/crds/platform.confluent.io_ksqldbs.yaml similarity index 100% rename from kustomize/base/crds/platform.confluent.io_ksqldbs.yaml rename to kustomize/shared/crds/platform.confluent.io_ksqldbs.yaml diff --git a/kustomize/base/crds/platform.confluent.io_migrationjobs.yaml b/kustomize/shared/crds/platform.confluent.io_migrationjobs.yaml similarity index 100% rename from kustomize/base/crds/platform.confluent.io_migrationjobs.yaml rename to kustomize/shared/crds/platform.confluent.io_migrationjobs.yaml diff --git a/kustomize/base/crds/platform.confluent.io_schemaregistries.yaml b/kustomize/shared/crds/platform.confluent.io_schemaregistries.yaml similarity index 100% rename from kustomize/base/crds/platform.confluent.io_schemaregistries.yaml rename to kustomize/shared/crds/platform.confluent.io_schemaregistries.yaml diff --git a/kustomize/base/crds/platform.confluent.io_zookeepers.yaml b/kustomize/shared/crds/platform.confluent.io_zookeepers.yaml similarity index 100% rename from kustomize/base/crds/platform.confluent.io_zookeepers.yaml rename to kustomize/shared/crds/platform.confluent.io_zookeepers.yaml From 756bc4959e7afbcbbaf6624905d9b0afd15efc00 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Tue, 18 May 2021 15:23:09 +0100 Subject: [PATCH 28/46] debug --- kustomize/base/kustomization.yaml | 1 - kustomize/shared/kustomization.yaml | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml index 5ac276b..f984546 100644 --- a/kustomize/base/kustomization.yaml +++ b/kustomize/base/kustomization.yaml 
@@ -1,7 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - crds - secrets - confluent - rolebindings diff --git a/kustomize/shared/kustomization.yaml b/kustomize/shared/kustomization.yaml index e9ae671..10733bf 100644 --- a/kustomize/shared/kustomization.yaml +++ b/kustomize/shared/kustomization.yaml @@ -1,4 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - crds - tools \ No newline at end of file From cd3149d1e26f2becdaaec99a19f9581680add7ef Mon Sep 17 00:00:00 2001 
From: Andrew McCully Date: Tue, 18 May 2021 15:33:38 +0100 Subject: [PATCH 29/46] debug --- kustomize/apps.yaml | 15 + kustomize/infrastucture.yaml | 17 + kustomize/kustomization.yaml | 4 - .../confluent-operator-credentials.yaml | 0 ... confluent-operator-helm-release-dev.yaml} | 2 +- ...uent-operator-helm-release-production.yaml | 17 + ...nfluent-operator-helm-release-staging.yaml | 17 + kustomize/shared/crds/kustomization.yaml | 13 - ...rm.confluent.io_confluentrolebindings.yaml | 249 - .../crds/platform.confluent.io_connects.yaml | 3103 ---------- .../platform.confluent.io_controlcenters.yaml | 3032 ---------- ...latform.confluent.io_kafkarestclasses.yaml | 361 -- .../crds/platform.confluent.io_kafkas.yaml | 4981 ----------------- .../platform.confluent.io_kafkatopics.yaml | 287 - .../crds/platform.confluent.io_ksqldbs.yaml | 2719 --------- .../platform.confluent.io_migrationjobs.yaml | 669 --- ...latform.confluent.io_schemaregistries.yaml | 2333 -------- .../platform.confluent.io_zookeepers.yaml | 1551 ----- kustomize/shared/kustomization.yaml | 10 +- kustomize/shared/{tools => }/ldap.yaml | 0 kustomize/shared/{tools => }/namespace.yaml | 0 kustomize/shared/{tools => }/proxy.yaml | 0 kustomize/shared/tools/kustomization.yaml | 9 - 23 files changed, 75 insertions(+), 19314 deletions(-) create mode 100644 kustomize/apps.yaml create mode 100644 kustomize/infrastucture.yaml delete mode 100644 kustomize/kustomization.yaml rename kustomize/shared/{tools => }/confluent-operator-credentials.yaml (100%) rename kustomize/shared/{tools/confluent-operator-helm-release.yaml => confluent-operator-helm-release-dev.yaml} (94%) create mode 100644 kustomize/shared/confluent-operator-helm-release-production.yaml create mode 100644 kustomize/shared/confluent-operator-helm-release-staging.yaml delete mode 100644 kustomize/shared/crds/kustomization.yaml delete mode 100644 kustomize/shared/crds/platform.confluent.io_confluentrolebindings.yaml delete mode 100644 
kustomize/shared/crds/platform.confluent.io_connects.yaml delete mode 100644 kustomize/shared/crds/platform.confluent.io_controlcenters.yaml delete mode 100644 kustomize/shared/crds/platform.confluent.io_kafkarestclasses.yaml delete mode 100644 kustomize/shared/crds/platform.confluent.io_kafkas.yaml delete mode 100644 kustomize/shared/crds/platform.confluent.io_kafkatopics.yaml delete mode 100644 kustomize/shared/crds/platform.confluent.io_ksqldbs.yaml delete mode 100644 kustomize/shared/crds/platform.confluent.io_migrationjobs.yaml delete mode 100644 kustomize/shared/crds/platform.confluent.io_schemaregistries.yaml delete mode 100644 kustomize/shared/crds/platform.confluent.io_zookeepers.yaml rename kustomize/shared/{tools => }/ldap.yaml (100%) rename kustomize/shared/{tools => }/namespace.yaml (100%) rename kustomize/shared/{tools => }/proxy.yaml (100%) delete mode 100644 kustomize/shared/tools/kustomization.yaml diff --git a/kustomize/apps.yaml b/kustomize/apps.yaml new file mode 100644 index 0000000..5a2f411 --- /dev/null +++ b/kustomize/apps.yaml @@ -0,0 +1,15 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 +kind: Kustomization +metadata: + name: environments + namespace: flux-system +spec: + interval: 1m +# dependsOn: +# - name: infrastucture + sourceRef: + kind: GitRepository + name: flux-system + prune: true + path: ./environments + validation: client diff --git a/kustomize/infrastucture.yaml b/kustomize/infrastucture.yaml new file mode 100644 index 0000000..713a150 --- /dev/null +++ b/kustomize/infrastucture.yaml @@ -0,0 +1,17 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 +kind: Kustomization +metadata: + name: shared + namespace: flux-system +spec: + interval: 1m + sourceRef: + kind: GitRepository + name: flux-system + namespace: flux-system + healthChecks: + - kind: Pod + name: ldap + namespace: tools + path: ./shared + prune: true 
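Review bot: The commented-out `dependsOn` in kustomize/apps.yaml names `infrastucture`, but the Kustomization created in kustomize/infrastucture.yaml has `metadata.name: shared`, so re-enabling the block as written would reference an object this commit does not create. While the block stays disabled, nothing orders `environments` after `shared`, and both reconcile with `prune: true` on a one-minute interval; I would restore it as `dependsOn:` followed by `- name: shared`. Separately, `path: ./environments` and `path: ./shared` are resolved from the root of the `flux-system` GitRepository. The `kustomize/` prefix of these files suggests the paths should be `./kustomize/environments` and `./kustomize/shared`, which is worth confirming against the repository layout.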
diff --git a/kustomize/kustomization.yaml b/kustomize/kustomization.yaml deleted file mode 100644 index 0e78dab..0000000 --- a/kustomize/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -resources: - - shared - - environments -namePrefix: cluster-a- diff --git a/kustomize/shared/tools/confluent-operator-credentials.yaml b/kustomize/shared/confluent-operator-credentials.yaml similarity index 100% rename from kustomize/shared/tools/confluent-operator-credentials.yaml rename to kustomize/shared/confluent-operator-credentials.yaml diff --git a/kustomize/shared/tools/confluent-operator-helm-release.yaml b/kustomize/shared/confluent-operator-helm-release-dev.yaml similarity index 94% rename from kustomize/shared/tools/confluent-operator-helm-release.yaml rename to kustomize/shared/confluent-operator-helm-release-dev.yaml index a26230c..76b31ec 100644 --- a/kustomize/shared/tools/confluent-operator-helm-release.yaml +++ b/kustomize/shared/confluent-operator-helm-release-dev.yaml @@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: confluent - namespace: staging + namespace: dev spec: interval: 1m chart: diff --git a/kustomize/shared/confluent-operator-helm-release-production.yaml b/kustomize/shared/confluent-operator-helm-release-production.yaml new file mode 100644 index 0000000..76b31ec --- /dev/null +++ b/kustomize/shared/confluent-operator-helm-release-production.yaml @@ -0,0 +1,17 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: confluent + namespace: dev +spec: + interval: 1m + chart: + spec: + chart: confluent-for-kubernetes + sourceRef: + kind: HelmRepository + name: confluent-private + namespace: flux-system + values: + image: + registry: confluent-docker-internal-early-access-operator-2.jfrog.io \ No newline at end of file 
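Review bot: confluent-operator-helm-release-production.yaml is a byte-for-byte copy of the dev manifest (same blob `76b31ec`), so `metadata.namespace` is still `dev` and the release is still named `confluent`; the staging file added in the next hunk has the same problem. All three manifests therefore describe one object in `dev`, and no operator release is declared for the other two environments. Each copy presumably needs its own namespace, e.g. `namespace: production` in this file. The chart reference also carries no `version`, so every environment follows whatever chart `confluent-private` publishes next while pulling images from an early-access registry. Adding `version: "<pinned chart version>"` under `chart.spec` would make each production upgrade an explicit, reviewable commit.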
diff --git a/kustomize/shared/confluent-operator-helm-release-staging.yaml b/kustomize/shared/confluent-operator-helm-release-staging.yaml new file mode 100644 index 0000000..76b31ec --- /dev/null +++ b/kustomize/shared/confluent-operator-helm-release-staging.yaml @@ -0,0 +1,17 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: confluent + namespace: dev +spec: + interval: 1m + chart: + spec: + chart: confluent-for-kubernetes + sourceRef: + kind: HelmRepository + name: confluent-private + namespace: flux-system + values: + image: + registry: confluent-docker-internal-early-access-operator-2.jfrog.io \ No newline at end of file diff --git a/kustomize/shared/crds/kustomization.yaml b/kustomize/shared/crds/kustomization.yaml deleted file mode 100644 index 2ad3673..0000000 --- a/kustomize/shared/crds/kustomization.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - platform.confluent.io_confluentrolebindings.yaml - - platform.confluent.io_connects.yaml - - platform.confluent.io_controlcenters.yaml - - platform.confluent.io_kafkarestclasses.yaml - - platform.confluent.io_kafkas.yaml - - platform.confluent.io_kafkatopics.yaml - - platform.confluent.io_ksqldbs.yaml - - platform.confluent.io_migrationjobs.yaml - - platform.confluent.io_schemaregistries.yaml - - platform.confluent.io_zookeepers.yaml diff --git a/kustomize/shared/crds/platform.confluent.io_confluentrolebindings.yaml b/kustomize/shared/crds/platform.confluent.io_confluentrolebindings.yaml deleted file mode 100644 index 6ccc8de..0000000 --- a/kustomize/shared/crds/platform.confluent.io_confluentrolebindings.yaml +++ /dev/null 
@@ -1,249 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: confluentrolebindings.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: Status - type: string - - JSONPath: .status.kafkaClusterId - name: KafkaClusterId - type: string - - JSONPath: .status.principal - name: Principal - type: string - - JSONPath: .status.role - name: Role - type: string - - JSONPath: .status.kafkaRestClass - name: KafkaRestClass - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - - JSONPath: .status.clusterRegistryName - name: ClusterRegistryName - priority: 1 - type: string - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: ConfluentRolebinding - listKind: ConfluentRolebindingList - plural: confluentrolebindings - shortNames: - - cfrb - - confluentrolebinding - singular: confluentrolebinding - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: ConfluentRolebinding is the Schema for the confluentrolebinding - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfluentRolebindingSpec defines the desired state of rolebinding - for cp component when rbac is enabled - properties: - clustersScopeByIds: - description: ClusterScope defines the scope of clustersId - properties: - connectClusterId: - minLength: 1 - type: string - kafkaClusterId: - minLength: 1 - type: string - ksqlClusterId: - minLength: 1 - type: string - schemaRegistryClusterId: - minLength: 1 - type: string - type: object - clustersScopeByRegistryName: - description: ClusterRegistryName defines the unique cluster name customer - registered in cluster registry - minLength: 1 - type: string - kafkaRestClassRef: - description: KafkaRestClassRef defines the reference for KafkaRestClass - which defines Kafka Rest API - properties: - name: - description: Name defines the name of KafkaRestClass - minLength: 1 - type: string - namespace: - description: Namespace defines the namespace of the KafkaRestClass - type: string - required: - - name - type: object - principal: - description: Principal defines the confluent rolebinding principal name - and the binding details. 
- properties: - name: - description: Name defines the name of the principal(user/group) - minLength: 1 - type: string - type: - enum: - - user - - group - type: string - required: - - name - - type - type: object - resourcePatterns: - description: ResourcePatterns define the qualified resources associated - with this rolebinding - items: - description: ResourcePattern define the qualified resource info associated - with this rolebinding - properties: - name: - description: Name defines the name of resource associated with - this rolebinding - minLength: 1 - type: string - patternType: - description: PatternType defines whether the pattern of resource - is PREFIXED or LITERAL, default is LITERAL if not set - enum: - - PREFIXED - - LITERAL - type: string - resourceType: - description: ResourceType defines the type of resource - minLength: 1 - type: string - required: - - name - - resourceType - type: object - type: array - role: - description: Role defines the name of the Role - minLength: 1 - type: string - required: - - principal - - role - type: object - status: - description: ConfluentRolebindingStatus defines the observed state of ConfluentRolebinding - properties: - clusterRegistryName: - type: string - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. - properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' 
- type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - kafkaClusterId: - type: string - kafkaRestClass: - type: string - mdsEndpoint: - type: string - principal: - type: string - resourcePatterns: - items: - description: ResourcePattern define the qualified resource info associated - with this rolebinding - properties: - name: - description: Name defines the name of resource associated with - this rolebinding - minLength: 1 - type: string - patternType: - description: PatternType defines whether the pattern of resource - is PREFIXED or LITERAL, default is LITERAL if not set - enum: - - PREFIXED - - LITERAL - type: string - resourceType: - description: ResourceType defines the type of resource - minLength: 1 - type: string - required: - - name - - resourceType - type: object - type: array - role: - type: string - state: - type: string - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/shared/crds/platform.confluent.io_connects.yaml b/kustomize/shared/crds/platform.confluent.io_connects.yaml deleted file mode 100644 index b94a2ea..0000000 --- a/kustomize/shared/crds/platform.confluent.io_connects.yaml +++ /dev/null 
@@ -1,3103 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: connects.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.replicas - name: Replicas - type: string - - JSONPath: .status.readyReplicas - name: Ready - type: string - - JSONPath: .status.phase - name: Status - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - - JSONPath: .status.kafka.bootstrapEndpoint - name: Kafka - priority: 1 - type: string - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: Connect - listKind: ConnectList - plural: connects - shortNames: - - connect - singular: connect - preserveUnknownFields: false - scope: Namespaced - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - validation: - openAPIV3Schema: - description: Connect is the Schema for the Connects API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConnectSpec defines the desired state of Connect - properties: - authentication: - description: Rest server security fields - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic credential - through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on the - server side only. Changes will be only reflected in ControlCenter - (C3). This configuration is ignored on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on the - server side only. This configuration is ignored on the client - side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme for Rest - Server - enum: - - basic - - mtls - type: string - required: - - type - type: object - authorization: - description: Authorization - properties: - kafkaRestClassRef: - description: KafkaRestClassRef defines the reference for KafkaRestClass - which defines Kafka Rest API - properties: - name: - description: Name defines the name of KafkaRestClass - minLength: 1 - type: string - namespace: - description: Namespace defines the namespace of the KafkaRestClass - type: string - required: - - name - type: object - type: - enum: - - rbac - type: string - required: - - type - type: object - configOverrides: - description: ConfigurationOverrides defines capability to override server/jvm/log4j - properties for each Confluent platform 
component. Change will roll - the cluster - properties: - jvm: - description: JVM defines a list of jvm configuration supported by - application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported by - application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - connectorOverridePolicy: - description: ConnectorOverridePolicy allows policy to permit per-connector - override configuration for producer/consumer/admin prefix. More information - can be found here, https://docs.confluent.io/platform/current/connect/security.html#separate-principals - enum: - - All - - Principal - type: string - dependencies: - description: ConnectDependencies holds dependencies a connect requires - or can enable - properties: - admin: - description: configure admin client If bootstrapEndpoint is not - configured, the security is configured based on the kafka dependencies - configuration. Configure if different bootstrapEndpoint is required - for admin client - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - consumer: - description: Consumer security configuration to connect to Kafka - Cluster pointed by bootstrapEndpoint, used for sink connectors. - If bootstrapEndpoint is not configured, the security is configured - based on the kafka dependencies configuration. Configure if different - bootstrapEndpoint is required for consumer - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. 
- properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - interceptor: - description: configure confluent monitoring interceptor - properties: - configs: - description: Configs defines configs for the CP interceptor - Config override feature can be used to pass config - items: - type: string - type: array - consumer: - description: Consumer defines the consumer configuration for - interceptor. If not configured it will use the kafka dependency - configuration - properties: - authentication: - description: Authentication defines the authentication for - the kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's - JaaS configuration. 
- properties: - secretRef: - description: SecretRef defines secret reference - to pass required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete - JaaS configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap - endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability - to discover kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is - running Uses the same namespace where Operator is - running if not configured - type: string - secretRef: - description: SecretRef defines the name of the secret - reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side - TLS setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - enabled: - description: Enabled defines to enable the CP interceptor configuration - type: boolean - producer: - description: Producer defines the producer configuration for - interceptor. If not configured it will use the kafka dependency - configuration - properties: - authentication: - description: Authentication defines the authentication for - the kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's - JaaS configuration. - properties: - secretRef: - description: SecretRef defines secret reference - to pass required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete - JaaS configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap - endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability - to discover kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is - running Uses the same namespace where Operator is - running if not configured - type: string - secretRef: - description: SecretRef defines the name of the secret - reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side - TLS setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - publishMs: - type: integer - required: - - enabled - type: object - kafka: - description: Connect dependency for connecting to kafka. Uses discovery - if that specified - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mds: - description: Mds configurations for when RBAC is enabled - properties: - authentication: - description: Authentication defines MDS authentication configuration - properties: - bearer: - description: BearerAuthentication defines bearer authentication - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines the authentication type support - for MDS - enum: - - bearer - type: string - required: - - bearer - - type - type: object - endpoint: - description: Endpoint defines the mds endpoint - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, 
listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - tokenKeyPair: - description: TokenKeyPair defines the token keypair to configure - MDS - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - authentication - - endpoint - - tokenKeyPair - type: object - producer: - description: Producer security configuration to connect to Kafka - Cluster pointed by bootstrapEndpoint, used for source connectors. - If bootstrapEndpoint is not configured, the security is configured - based on the kafka dependencies configuration. 
Configure if different - bootstrapEndpoint/security is required for producer - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where 
keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - schemaRegistry: - description: configure connect dependency for schemaregistry - properties: - authentication: - description: Authentication defines the authentication for the - schemaregistry cluster - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass - basic credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles - on the server side only. Changes will be only reflected - in ControlCenter (C3). 
This configuration is ignored - on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration - on the server side only. This configuration is ignored - on the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme - for Rest client - enum: - - basic - - mtls - type: string - required: - - type - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for schemaregistry cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: 
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - url: - description: URL defines the URL endpoint - minLength: 1 - pattern: ^https?://.* - type: string - required: - - url - type: object - type: object - enableSchemas: - description: EnableSchemas defines whether to enable scheme or not - type: boolean - externalAccess: - description: CPExternalAccess holds all external access policies for - non-kafka components - properties: - ingress: - description: Ingress allows to create a ingress service Not implemented - yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user wishes - to exist. - properties: - backend: - description: A default backend capable of servicing requests - that don't match any rule. At least one of 'backend' or - 'rules' must be specified. This field is optional to allow - the loadbalancer controller or defaulting logic to specify - a global default. - properties: - resource: - description: Resource is an ObjectRef to another Kubernetes - resource in the namespace of the Ingress object. If - resource is specified, serviceName and servicePort - must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced service. 
- type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the IngressClass - cluster resource. The associated IngressClass defines - which controller will implement the resource. This replaces - the deprecated `kubernetes.io/ingress.class` annotation. - For backwards compatibility, when that annotation is set, - it must be given precedence over this field. The controller - may emit a warning if the field and annotation have different - values. Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource may - be marked as default, which can be used to set a default - value for this field. For more information, refer to the - IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure the - Ingress. If unspecified, or no rule matches, all traffic - is sent to the default backend. - items: - description: IngressRule represents the rules mapping - the paths under a specified host to the related backend - services. Incoming requests are first evaluated for - a host match, then routed to the backend associated - with the matching IngressRuleValue. - properties: - host: - description: "Host is the fully qualified domain name - of a network host, as defined by RFC 3986. Note - the following deviations from the \"host\" part - of the URI as defined in RFC 3986: 1. IPs are not - allowed. Currently an IngressRuleValue can only - apply to the IP in the Spec of the parent Ingress. - 2. The `:` delimiter is not respected because ports - are not allowed. \t Currently the port of an Ingress - is implicitly :80 for http and \t :443 for https. - Both these may change in the future. Incoming requests - are matched against the host before the IngressRuleValue. 
- If the host is unspecified, the Ingress routes all - traffic based on the specified IngressRuleValue. - \n Host can be \"precise\" which is a domain name - without the terminating dot of a network host (e.g. - \"foo.bar.com\") or \"wildcard\", which is a domain - name prefixed with a single wildcard label (e.g. - \"*.foo.com\"). The wildcard character '*' must - appear by itself as the first DNS label and matches - only a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests will - be matched against the Host field in the following - way: 1. If Host is precise, the request matches - this rule if the http host header is equal to Host. - 2. If Host is a wildcard, then the request matches - this rule if the http host header is to equal to - the suffix (removing the first label) of the wildcard - rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list of http - selectors pointing to backends. In the example: - http:///? -> backend where - where parts of the url correspond to RFC 3986, this - resource will be used to match against everything - after the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that map requests - to backends. - items: - description: HTTPIngressPath associates a path - with a backend. Incoming urls matching the - path are forwarded to the backend. - properties: - backend: - description: Backend defines the referenced - service endpoint to which the traffic - will be forwarded to. - properties: - resource: - description: Resource is an ObjectRef - to another Kubernetes resource in - the namespace of the Ingress object. - If resource is specified, serviceName - and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. 
For any other - third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the - referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the - referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against the - path of an incoming request. Currently - it can contain characters disallowed from - the conventional "path" part of a URL - as defined by RFC 3986. Paths must begin - with a '/'. When unspecified, all paths - from incoming requests are matched. - type: string - pathType: - description: 'PathType determines the interpretation - of the Path matching. PathType can be - one of the following values: * Exact: - Matches the URL path exactly. * Prefix: - Matches based on a URL path prefix split - by ''/''. Matching is done on a path - element by element basis. A path element - refers is the list of labels in the - path split by the ''/'' separator. A request - is a match for path p if every p is - an element-wise prefix of p of the request - path. Note that if the last element of - the path is a substring of the last - element in request path, it is not a match - (e.g. /foo/bar matches /foo/bar/baz, - but does not match /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching is - up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix or Exact - path types. Implementations are required - to support all path types. Defaults to - ImplementationSpecific.' 
- type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the Ingress only - supports a single TLS port, 443. If multiple members of - this list specify different hosts, they will be multiplexed - on the same port according to the hostname specified through - the SNI TLS extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport layer - security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included in - the TLS certificate. The values in this list must - match the name/s used in the tlsSecret. Defaults - to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret - used to terminate TLS traffic on port 443. Field - is left optional to allow TLS routing based on SNI - hostname alone. If the SNI host in a listener conflicts - with the "Host" header field used by an IngressRule, - the SNI host is used for termination and value of - the Host header is used for routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes load balancer - service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type load balancer - type: object - domain: - description: Domain allows to configure domain name for the - cluster. 
- minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring source - range - items: - type: string - type: array - port: - description: Port allows to configure external port for client - consumption If not configured, same internal/external port - will be configured per component Information about the port - can be retrieved through status API - format: int32 - type: integer - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. Usually - assigned by the system. 
If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port offset - to be used and will go in the increasing order with respect - to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. 
Usually - assigned by the system. If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for OpenShift - Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the OpenShift - service type route - type: object - domain: - description: Domain allows to configure domain name for the - cluster. - minLength: 1 - type: string - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. 
It defaults - to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - type: - description: Type defines supported kubernetes external services - enum: - - loadBalancer - - nodePort - - route - minLength: 1 - type: string - required: - - type - type: object - image: - description: Image defines application and init docker image configuration. - Change will roll the cluster - properties: - application: - description: Application defines application docker image name - pattern: .+:.+ - type: string - init: - description: Init defines init-container name - pattern: .+:.+ - type: string - pullSecretRef: - description: 'ImagePullSecrets is a list of references to secrets - in the same namespace to use for pulling any images in pods that - reference this ServiceAccount. ImagePullSecrets are distinct from - Secrets because Secrets can be mounted in the pod, but ImagePullSecrets - are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' - items: - type: string - type: array - required: - - application - - init - type: object - injectAnnotations: - additionalProperties: - type: string - description: InjectAnnotations annotations are injected to all the internal - resources created by Operator. All the internal annotations is preserved - and forbidden to override. For pod annotations, use podTemplate.annotations - type: object - injectLabels: - additionalProperties: - type: string - description: InjectLabels labels are injected to all the internal resources - created by Operator. All the internal labels is preserved and forbidden - to override. 
For pod labels, use podTemplate.labels - type: object - internalTopicReplicationFactor: - description: ' InternalTopicReplicationFactor defines internal topic - replication factor If not configured, it will be configured as 3' - format: int32 - type: integer - k8sClusterDomain: - description: K8SClusterDomain defines configuring kubernetes cluster - domain if required. If this setting is not configured it will default - to cluster.local domain. - type: string - keyConverterType: - description: KeyConverter defines the supported converters package for - CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters - By default, it is configured as org.apache.kafka.connect.json.JsonConverter - minLength: 1 - type: string - license: - description: License defines license configuration for Confluent platform - component - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where license key is mounted. More information about - the usage be found in Confluent Operator document. - minLength: 1 - type: string - globalLicense: - description: GlobalLicense specifies whether operator pod license - will be used for this component If enabled then Confluent platform - component shares Confluent Operator license. - type: boolean - secretRef: - description: SecretRef is secret reference which provides license - for CP component More information about the license key struct - can be found in Confluent Operator document. 
- maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - metrics: - description: Metrics specifies the security settings for metric services - properties: - authentication: - description: Metrics security authentication - properties: - type: - enum: - - mtls - type: string - required: - - type - type: object - prometheus: - description: Override for jmx-prometheus exporter configs - properties: - blacklist: - items: - type: string - type: array - rules: - items: - description: Prometheus exporter rule override - properties: - attrNameSnakeCase: - minLength: 1 - type: string - cache: - minLength: 1 - type: string - help: - minLength: 1 - type: string - labels: - additionalProperties: - type: string - type: object - name: - minLength: 1 - type: string - pattern: - minLength: 1 - type: string - type: - minLength: 1 - type: string - value: - minLength: 1 - type: string - valueFactor: - minLength: 1 - type: string - type: object - type: array - whitelist: - items: - type: string - type: array - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP component - (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mountedSecrets: - description: MountedSecrets defines list of secrets reference injected - to the the underlying statefulset configuration. The secret reference - is mounted secret mounted in default path /mnt/secrets/. - The underlying resources will follow the secret as a file configuration - as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod - Change will roll the cluster - items: - description: MountedSecrets allows provides a way to inject custom - secret to underlying statefulset. - properties: - keyItems: - description: keyItems is list of key and path names - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. 
- type: string - mode: - description: 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, the volume - defaultMode will be used. This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the key - to. May not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - secretRef: - description: SecretRef defines the secret name referenced - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - type: array - oneReplicaPerNode: - description: OneReplicaPerNode enforces to run 1 pod per node through - pod anti-affinity capability. Enabling this configuration in existing - cluster will roll. Change will roll the cluster - type: boolean - podTemplate: - description: PodTemplate defines some statefulset pod template configuration - properties: - affinity: - description: 'Affinity is a group of affinity scheduling rules. - More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. 
for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - matches the corresponding matchExpressions; the node(s) - with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. - The TopologySelectorTerm type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are - intersected, i.e. all terms must be satisfied. 
- items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. 
- type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the - sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. 
- type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met at - some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - description: 'Annotations defines an unstructured key value map - stored with a resource that may be set by external tools to store - and retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - envVars: - description: 'EnvVars defines the collection of EnvVar to inject - into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. 
- type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - labels: - additionalProperties: - type: string - description: 'Labels defines map of string keys and values that - can be used to organize and categorize (scope and select) objects. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - podSecurityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in - container.securityContext. 
Field values of container.securityContext - take precedence over field values of PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit - is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions - of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will - have no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for - that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to - start the container if it does. If unset or false, no such - validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. 
Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. 
If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - priorityClassName: - description: PriorityClassName defines priority class for the pod - (if any). - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - probe: - description: Probe defines some fields of standard kubernetes readiness/liveness - probe configuration. - properties: - liveness: - description: Liveness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. 
- CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - readiness: - description: Readiness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - type: object - resources: - description: ResourceRequirements describes the compute resource - requirements. 
- properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - terminationGracePeriodSeconds: - description: TerminationGracePeriodSeconds defines grace period - for pod deletion - format: int64 - type: integer - tolerations: - description: Tolerations defines The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator . - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using the - matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. 
- type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do - not evict). Zero and negative values will be treated as - 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - replicas: - description: Replicas is the desired number of replicas of the given - Template. Change will roll the cluster - format: int32 - type: integer - storageClass: - description: Storage class used for creating pvc's of created connect - pods - properties: - name: - description: Name defines name is the storage class reference name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - telemetry: - description: ConfluentTelemetry defines the confluent telemetry reporter - configuration - properties: - global: - description: Global will allow disabling telemetry configuration. - If Operator is deployed with telemetry, this field is only is - used to disabled. By default the value is true if telemetry is - enabled in global level. 
- type: boolean - type: object - tls: - description: TLS allows configuring CP Component's server configuration - properties: - autoGeneratedCerts: - description: AutoGenerated if configures generates the certificates - based on the CA key pair provided. - type: boolean - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where keystore/truststore.jks/jksPassword.txt keys - are mounted. CP will not configure truststore.jks can be ignored - with IgnoreTrustStoreConfig field - minLength: 1 - type: string - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the truststore - configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced for - jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced for - jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for certificates - More information about certificates key/value format can be found - in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - valueConverterType: - description: ValueConverter defines the supported converters package - for CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters - By default, it is configured as org.apache.kafka.connect.json.JsonConverter - minLength: 1 - type: string - required: - - image - - replicas - type: object - status: - description: ConnectStatus defines the observed state of Connect - properties: - authorizationType: - type: string - clusterName: - description: ClusterName defines the 
name of the cluster - type: string - clusterNamespace: - description: ClusterNamespace provides the namespace where cluster is - running - type: string - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. - properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - currentReplicas: - description: CurrentReplicas defines current running replicas - format: int32 - type: integer - groupId: - type: string - internalSecrets: - description: InternalSecrets defines the list of internal secrets created - by Operator for each CP component. 
- items: - type: string - type: array - internalTopicNames: - description: InternalTopicNames is a list of topics used by the component - for internal use - items: - type: string - type: array - kafka: - description: KafkaClientInfoStatus defines the kafka client side status - for all CP component - properties: - authenticationType: - description: AuthenticationType defines the authentication type - for kafka - type: string - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - type: string - tls: - description: TLS defines if tls is enabled for kafka dependency - type: boolean - type: object - operatorVersion: - description: OperatorVersion defines the internal version of operator - type: string - phase: - description: Phase defines the state of the CP component - type: string - rbac: - description: RBACInfoStatus defines RBAC related status when RBAC is - enabled - properties: - clusterId: - description: ClusterId defines the id of cluster - type: string - internalRolebindings: - description: RolebindingState defines the state of internal rolebindings - items: - type: string - type: array - type: object - readyReplicas: - description: ReadyReplicas defines current ready replicas - format: int32 - type: integer - replicas: - description: Replicas defines replicas - format: int32 - type: integer - restConfig: - description: ListenerStatus describes general information about a listeners - properties: - advertisedExternalEndpoints: - description: AdvertisedExternalEndpoints defines other advertised - endpoints, especially use for kafka - items: - type: string - type: array - authenticationType: - description: AuthenticationType defines authentication type configured - by a listener - type: string - externalEndpoint: - description: ExternalEndpoint defines the external endpoint to connect - to the service - type: string - internalEndpoint: - description: InternalEndpoint defines the internal endpoint to connect - to the service - 
type: string - tls: - description: TLS defines whether tls is configured by a listener - type: boolean - type: object - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: []
diff --git a/kustomize/shared/crds/platform.confluent.io_controlcenters.yaml b/kustomize/shared/crds/platform.confluent.io_controlcenters.yaml
deleted file mode 100644
index b2c2a1d..0000000
--- a/kustomize/shared/crds/platform.confluent.io_controlcenters.yaml
+++ /dev/null
@@ -1,3032 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: controlcenters.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.replicas - name: Replicas - type: string - - JSONPath: .status.readyReplicas - name: Ready - type: string - - JSONPath: .status.phase - name: Status - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - - JSONPath: .status.kafka.bootstrapEndpoint - name: Kafka - priority: 1 - type: string - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: ControlCenter - listKind: ControlCenterList - plural: controlcenters - shortNames: - - controlcenter - - c3 - singular: controlcenter - preserveUnknownFields: false - scope: Namespaced - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - validation: - openAPIV3Schema: - description: ControlCenter is the Schema for the controlcenter API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ControlCenterSpec defines the desired state of ControlCenter - properties: - authentication: - description: Authentication defines the rest-endpoint configuration - properties: - basic: - description: BasicAuthentication defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic credential - through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on the - server side only. Changes will be only reflected in ControlCenter - (C3). This configuration is ignored on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on the - server side only. This configuration is ignored on the client - side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - ldap: - description: C3LdapAuthentication defines ldap authentication - properties: - property: - additionalProperties: - type: string - description: Property defines all the properties for LDAP configuration - Make sure to use secret object to pass username/password - type: object - restrictedRoles: - description: RestrictedRoles defines restricted access roles - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on the - server side only. 
- items: - type: string - minItems: 1 - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - basic - - ldap - - mtls - type: string - required: - - type - type: object - authorization: - description: Authorization defines authorization configurations - properties: - kafkaRestClassRef: - description: KafkaRestClassRef defines the reference for KafkaRestClass - which defines Kafka Rest API - properties: - name: - description: Name defines the name of KafkaRestClass - minLength: 1 - type: string - namespace: - description: Namespace defines the namespace of the KafkaRestClass - type: string - required: - - name - type: object - type: - enum: - - rbac - type: string - required: - - type - type: object - configOverrides: - description: ConfigurationOverrides defines capability to override server/jvm/log4j - properties for each Confluent platform component. Change will roll - the cluster - properties: - jvm: - description: JVM defines a list of jvm configuration supported by - application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported by - application. This will either add or update existing configuration. 
- items: - type: string - type: array - type: object - dataVolumeCapacity: - anyOf: - - type: integer - - type: string - description: DataVolumeCapacity defines the data size for PV - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - dependencies: - description: Dependencies defines all the dependencies service configuration - properties: - connect: - description: Connect defines connect worker dependencies configuration - items: - description: ControlCenterConnectDependency - properties: - authentication: - description: Authentication defines the authentication for - the connect cluster - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass - basic credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles - on the server side only. Changes will be only reflected - in ControlCenter (C3). This configuration is ignored - on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration - on the server side only. 
This configuration is ignored - on the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme - for Rest client - enum: - - basic - - mtls - type: string - required: - - type - type: object - name: - description: Name defines the cluster name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - tls: - description: TLSDependencyConfig defines the client side TLS - setting for connect cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - url: - description: URL 
defines the URL endpoint - minLength: 1 - pattern: ^https?://.* - type: string - required: - - name - - url - type: object - type: array - kafka: - description: Kafka defines kafka dependencies configuration - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for kafka cluster - properties: - 
directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - ksqldb: - description: KsqlDB defines ksqldb dependencies configuration - items: - description: ControlCenterKSQLDependency - properties: - advertisedUrl: - description: AdvertisedURL defines the advertised url to use - in browser. 
- minLength: 1 - pattern: ^https?://.* - type: string - authentication: - description: Authentication defines the authentication for - the ksqldb cluster - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass - basic credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles - on the server side only. Changes will be only reflected - in ControlCenter (C3). This configuration is ignored - on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration - on the server side only. This configuration is ignored - on the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme - for Rest client - enum: - - basic - - mtls - type: string - required: - - type - type: object - name: - description: Name defines the cluster name - minLength: 1 - type: string - tls: - description: TLSDependencyConfig defines the client side TLS - setting for ksqldb cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - url: - description: URL defines the URL endpoint - minLength: 1 - pattern: ^https?://.* - type: string - required: - - name - - url - type: object - type: array - mds: - description: MDSDependencies defines the RBAC dependencies configurations - properties: - authentication: - description: Authentication defines MDS authentication configuration - properties: - bearer: - description: BearerAuthentication defines bearer authentication - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines the authentication type support - for MDS - enum: - - bearer - type: string - required: - - bearer - - type - type: object - endpoint: - description: Endpoint defines 
the mds endpoint - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - tokenKeyPair: - description: TokenKeyPair defines the token keypair to configure - MDS - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - authentication - - endpoint - - tokenKeyPair - type: object - schemaRegistry: - description: SchemaRegistry defines schema registry dependencies - configuration - 
properties: - authentication: - description: Authentication defines the authentication for the - schemaregistry cluster - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass - basic credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles - on the server side only. Changes will be only reflected - in ControlCenter (C3). This configuration is ignored - on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration - on the server side only. This configuration is ignored - on the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme - for Rest client - enum: - - basic - - mtls - type: string - required: - - type - type: object - clusters: - items: - description: ControlCenterMultiSchemaRegistryDependency - properties: - authentication: - description: Authentication defines the authentication - for the schemaregistry cluster - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to - pass basic credential through directory path - in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted - roles on the server side only. Changes will - be only reflected in ControlCenter (C3). 
This - configuration is ignored on the client side - configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration - on the server side only. This configuration - is ignored on the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication - scheme for Rest client - enum: - - basic - - mtls - type: string - required: - - type - type: object - name: - description: Name defines the cluster name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - tls: - description: TLSDependencyConfig defines the client side - TLS setting for schemaregistry cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the - directory path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration - for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure - ignores the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name - referenced for jks password More information - about jks password key/value format can be found - in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - url: - description: URL defines the URL endpoint - minLength: 1 - pattern: ^https?://.* - type: string - required: - - name - - url - type: object - type: array - tls: - description: TLSDependencyConfig defines the client side TLS - setting for schemaregistry cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - url: - description: URL defines the URL endpoint - minLength: 1 - pattern: ^https?://.* - type: string - required: - - url - type: object - type: object - externalAccess: - description: ExternalAccess defines the external access configuration - properties: - ingress: - description: Ingress allows to create a ingress service Not implemented - yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user wishes - to exist. - properties: - backend: - description: A default backend capable of servicing requests - that don't match any rule. At least one of 'backend' or - 'rules' must be specified. 
This field is optional to allow - the loadbalancer controller or defaulting logic to specify - a global default. - properties: - resource: - description: Resource is an ObjectRef to another Kubernetes - resource in the namespace of the Ingress object. If - resource is specified, serviceName and servicePort - must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the IngressClass - cluster resource. The associated IngressClass defines - which controller will implement the resource. This replaces - the deprecated `kubernetes.io/ingress.class` annotation. - For backwards compatibility, when that annotation is set, - it must be given precedence over this field. The controller - may emit a warning if the field and annotation have different - values. Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource may - be marked as default, which can be used to set a default - value for this field. For more information, refer to the - IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure the - Ingress. If unspecified, or no rule matches, all traffic - is sent to the default backend. 
- items: - description: IngressRule represents the rules mapping - the paths under a specified host to the related backend - services. Incoming requests are first evaluated for - a host match, then routed to the backend associated - with the matching IngressRuleValue. - properties: - host: - description: "Host is the fully qualified domain name - of a network host, as defined by RFC 3986. Note - the following deviations from the \"host\" part - of the URI as defined in RFC 3986: 1. IPs are not - allowed. Currently an IngressRuleValue can only - apply to the IP in the Spec of the parent Ingress. - 2. The `:` delimiter is not respected because ports - are not allowed. \t Currently the port of an Ingress - is implicitly :80 for http and \t :443 for https. - Both these may change in the future. Incoming requests - are matched against the host before the IngressRuleValue. - If the host is unspecified, the Ingress routes all - traffic based on the specified IngressRuleValue. - \n Host can be \"precise\" which is a domain name - without the terminating dot of a network host (e.g. - \"foo.bar.com\") or \"wildcard\", which is a domain - name prefixed with a single wildcard label (e.g. - \"*.foo.com\"). The wildcard character '*' must - appear by itself as the first DNS label and matches - only a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests will - be matched against the Host field in the following - way: 1. If Host is precise, the request matches - this rule if the http host header is equal to Host. - 2. If Host is a wildcard, then the request matches - this rule if the http host header is to equal to - the suffix (removing the first label) of the wildcard - rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list of http - selectors pointing to backends. In the example: - http:///? 
-> backend where - where parts of the url correspond to RFC 3986, this - resource will be used to match against everything - after the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that map requests - to backends. - items: - description: HTTPIngressPath associates a path - with a backend. Incoming urls matching the - path are forwarded to the backend. - properties: - backend: - description: Backend defines the referenced - service endpoint to which the traffic - will be forwarded to. - properties: - resource: - description: Resource is an ObjectRef - to another Kubernetes resource in - the namespace of the Ingress object. - If resource is specified, serviceName - and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any other - third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the - referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the - referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against the - path of an incoming request. Currently - it can contain characters disallowed from - the conventional "path" part of a URL - as defined by RFC 3986. Paths must begin - with a '/'. When unspecified, all paths - from incoming requests are matched. - type: string - pathType: - description: 'PathType determines the interpretation - of the Path matching. 
PathType can be - one of the following values: * Exact: - Matches the URL path exactly. * Prefix: - Matches based on a URL path prefix split - by ''/''. Matching is done on a path - element by element basis. A path element - refers is the list of labels in the - path split by the ''/'' separator. A request - is a match for path p if every p is - an element-wise prefix of p of the request - path. Note that if the last element of - the path is a substring of the last - element in request path, it is not a match - (e.g. /foo/bar matches /foo/bar/baz, - but does not match /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching is - up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix or Exact - path types. Implementations are required - to support all path types. Defaults to - ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the Ingress only - supports a single TLS port, 443. If multiple members of - this list specify different hosts, they will be multiplexed - on the same port according to the hostname specified through - the SNI TLS extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport layer - security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included in - the TLS certificate. The values in this list must - match the name/s used in the tlsSecret. Defaults - to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret - used to terminate TLS traffic on port 443. Field - is left optional to allow TLS routing based on SNI - hostname alone. 
If the SNI host in a listener conflicts - with the "Host" header field used by an IngressRule, - the SNI host is used for termination and value of - the Host header is used for routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes load balancer - service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type load balancer - type: object - domain: - description: Domain allows to configure domain name for the - cluster. - minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring source - range - items: - type: string - type: array - port: - description: Port allows to configure external port for client - consumption If not configured, same internal/external port - will be configured per component Information about the port - can be retrieved through status API - format: int32 - type: integer - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. 
Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. Usually - assigned by the system. If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port offset - to be used and will go in the increasing order with respect - to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. 
Usually - assigned by the system. If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for OpenShift - Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the OpenShift - service type route - type: object - domain: - description: Domain allows to configure domain name for the - cluster. - minLength: 1 - type: string - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. 
It defaults - to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - type: - description: Type defines supported kubernetes external services - enum: - - loadBalancer - - nodePort - - route - minLength: 1 - type: string - required: - - type - type: object - id: - description: ControlCenterID identifier used as a prefix so that multiple - instances of Control Center can co-exist. - format: int32 - type: integer - image: - description: Image defines application and init docker image configuration. - Change will roll the cluster - properties: - application: - description: Application defines application docker image name - pattern: .+:.+ - type: string - init: - description: Init defines init-container name - pattern: .+:.+ - type: string - pullSecretRef: - description: 'ImagePullSecrets is a list of references to secrets - in the same namespace to use for pulling any images in pods that - reference this ServiceAccount. ImagePullSecrets are distinct from - Secrets because Secrets can be mounted in the pod, but ImagePullSecrets - are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' - items: - type: string - type: array - required: - - application - - init - type: object - injectAnnotations: - additionalProperties: - type: string - description: InjectAnnotations annotations are injected to all the internal - resources created by Operator. All the internal annotations is preserved - and forbidden to override. For pod annotations, use podTemplate.annotations - type: object - injectLabels: - additionalProperties: - type: string - description: InjectLabels labels are injected to all the internal resources - created by Operator. All the internal labels is preserved and forbidden - to override. 
For pod labels, use podTemplate.labels - type: object - internalTopicReplicatorFactor: - format: int32 - type: integer - k8sClusterDomain: - description: K8SClusterDomain defines configuring kubernetes cluster - domain if required. If this setting is not configured it will default - to cluster.local domain. - type: string - license: - description: License defines license configuration for Confluent platform - component - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where license key is mounted. More information about - the usage be found in Confluent Operator document. - minLength: 1 - type: string - globalLicense: - description: GlobalLicense specifies whether operator pod license - will be used for this component If enabled then Confluent platform - component shares Confluent Operator license. - type: boolean - secretRef: - description: SecretRef is secret reference which provides license - for CP component More information about the license key struct - can be found in Confluent Operator document. - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - mail: - description: ControlCenterSMTPServer, these settings control the SMTP - server and account used when an alerts triggers the email action. - properties: - authentication: - description: Authentication SMTP supports basic authentication support - only For other types of authentication use config overrides capability. - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic - credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on - the server side only. Changes will be only reflected in - ControlCenter (C3). 
This configuration is ignored on the - client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on - the server side only. This configuration is ignored on - the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme for - Rest client - enum: - - basic - - mtls - type: string - required: - - type - type: object - checkServerIdentity: - description: CheckServerIdentity forces validation of server’s certificate - when using STARTTLS or SSL. - type: boolean - hostname: - description: Hostname of outgoing SMTP server - minLength: 1 - type: string - mailBounceAddress: - description: MailBounceAddress override for MailFrom config to send - message - minLength: 1 - type: string - mailFrom: - description: MailFrom the originating address for emails sent from - Control Center. - minLength: 1 - type: string - port: - description: Port SMTP port open on for hostname - format: int32 - type: integer - startTLSRequired: - description: StartTLSRequired forces using STARTTLS. 
- type: boolean - required: - - hostname - type: object - metrics: - description: Metrics specifies the security settings for metric services - properties: - authentication: - description: Metrics security authentication - properties: - type: - enum: - - mtls - type: string - required: - - type - type: object - prometheus: - description: Override for jmx-prometheus exporter configs - properties: - blacklist: - items: - type: string - type: array - rules: - items: - description: Prometheus exporter rule override - properties: - attrNameSnakeCase: - minLength: 1 - type: string - cache: - minLength: 1 - type: string - help: - minLength: 1 - type: string - labels: - additionalProperties: - type: string - type: object - name: - minLength: 1 - type: string - pattern: - minLength: 1 - type: string - type: - minLength: 1 - type: string - value: - minLength: 1 - type: string - valueFactor: - minLength: 1 - type: string - type: object - type: array - whitelist: - items: - type: string - type: array - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP component - (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - monitoringKafkaClusters: - description: MonitoringKafkaClusters defines configuring monitoring - clusters - items: - description: MonitoringKafkaClusters kafka cluster configuration - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - name: - description: Name defines the cluster name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - tls: - description: TLSDependencyConfig defines the client side TLS setting - for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - required: - - name - type: object - type: array - mountedSecrets: - description: MountedSecrets defines list of secrets reference injected - to the the underlying statefulset configuration. The secret reference - is mounted secret mounted in default path /mnt/secrets/. - The underlying resources will follow the secret as a file configuration - as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod - Change will roll the cluster - items: - description: MountedSecrets allows provides a way to inject custom - secret to underlying statefulset. - properties: - keyItems: - description: keyItems is list of key and path names - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. 
- type: string - mode: - description: 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, the volume - defaultMode will be used. This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the key - to. May not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - secretRef: - description: SecretRef defines the secret name referenced - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - type: array - name: - description: ControlCenterName name of the cluster - type: string - oneReplicaPerNode: - description: OneReplicaPerNode enforces to run 1 pod per node through - pod anti-affinity capability. Enabling this configuration in existing - cluster will roll. Change will roll the cluster - type: boolean - podTemplate: - description: PodTemplate defines some statefulset pod template configuration - properties: - affinity: - description: 'Affinity is a group of affinity scheduling rules. - More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. 
for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - matches the corresponding matchExpressions; the node(s) - with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. - The TopologySelectorTerm type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are - intersected, i.e. all terms must be satisfied. 
- items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. 
- type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the - sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. 
- type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met at - some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - description: 'Annotations defines an unstructured key value map - stored with a resource that may be set by external tools to store - and retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - envVars: - description: 'EnvVars defines the collection of EnvVar to inject - into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. 
- type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - labels: - additionalProperties: - type: string - description: 'Labels defines map of string keys and values that - can be used to organize and categorize (scope and select) objects. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - podSecurityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in - container.securityContext. 
Field values of container.securityContext - take precedence over field values of PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit - is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions - of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will - have no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for - that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to - start the container if it does. If unset or false, no such - validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. 
Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. 
If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - priorityClassName: - description: PriorityClassName defines priority class for the pod - (if any). - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - probe: - description: Probe defines some fields of standard kubernetes readiness/liveness - probe configuration. - properties: - liveness: - description: Liveness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. 
- CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - readiness: - description: Readiness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - type: object - resources: - description: ResourceRequirements describes the compute resource - requirements. 
- properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - terminationGracePeriodSeconds: - description: TerminationGracePeriodSeconds defines grace period - for pod deletion - format: int64 - type: integer - tolerations: - description: Tolerations defines The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator . - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using the - matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. 
- type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do - not evict). Zero and negative values will be treated as - 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - replicas: - description: Replicas is the desired number of replicas of the given - Template. Change will roll the cluster - format: int32 - type: integer - storageClass: - description: StorageClass defines user provided storage class reference - properties: - name: - description: Name defines name is the storage class reference name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - telemetry: - description: ConfluentTelemetry defines the confluent telemetry reporter - configuration - properties: - global: - description: Global will allow disabling telemetry configuration. - If Operator is deployed with telemetry, this field is only is - used to disabled. By default the value is true if telemetry is - enabled in global level. 
- type: boolean - type: object - tls: - description: TLS defines tls configuration for rest-endpoint - properties: - autoGeneratedCerts: - description: AutoGenerated if configures generates the certificates - based on the CA key pair provided. - type: boolean - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where keystore/truststore.jks/jksPassword.txt keys - are mounted. CP will not configure truststore.jks can be ignored - with IgnoreTrustStoreConfig field - minLength: 1 - type: string - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the truststore - configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced for - jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced for - jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for certificates - More information about certificates key/value format can be found - in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - dataVolumeCapacity - - image - - replicas - type: object - status: - description: ControlCenterStatus defines the observed state of ControlCenter - properties: - authorizationType: - type: string - clusterName: - description: ClusterName defines the name of the cluster - type: string - clusterNamespace: - description: ClusterNamespace provides the namespace where cluster is - running - type: string - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. 
- properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - controlCenterName: - type: string - currentReplicas: - description: CurrentReplicas defines current running replicas - format: int32 - type: integer - id: - format: int32 - type: integer - internalSecrets: - description: InternalSecrets defines the list of internal secrets created - by Operator for each CP component. 
- items: - type: string - type: array - internalTopicNames: - description: InternalTopicNames is a list of topics used by the component - for internal use - items: - type: string - type: array - kafka: - description: KafkaClientInfoStatus defines the kafka client side status - for all CP component - properties: - authenticationType: - description: AuthenticationType defines the authentication type - for kafka - type: string - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - type: string - tls: - description: TLS defines if tls is enabled for kafka dependency - type: boolean - type: object - operatorVersion: - description: OperatorVersion defines the internal version of operator - type: string - phase: - description: Phase defines the state of the CP component - type: string - rbac: - description: RBACInfoStatus defines RBAC related status when RBAC is - enabled - properties: - clusterId: - description: ClusterId defines the id of cluster - type: string - internalRolebindings: - description: RolebindingState defines the state of internal rolebindings - items: - type: string - type: array - type: object - readyReplicas: - description: ReadyReplicas defines current ready replicas - format: int32 - type: integer - replicas: - description: Replicas defines replicas - format: int32 - type: integer - restConfig: - description: ListenerStatus describes general information about a listeners - properties: - advertisedExternalEndpoints: - description: AdvertisedExternalEndpoints defines other advertised - endpoints, especially use for kafka - items: - type: string - type: array - authenticationType: - description: AuthenticationType defines authentication type configured - by a listener - type: string - externalEndpoint: - description: ExternalEndpoint defines the external endpoint to connect - to the service - type: string - internalEndpoint: - description: InternalEndpoint defines the internal endpoint to connect - to the service - 
type: string - tls: - description: TLS defines whether tls is configured by a listener - type: boolean - type: object - required: - - id - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/shared/crds/platform.confluent.io_kafkarestclasses.yaml b/kustomize/shared/crds/platform.confluent.io_kafkarestclasses.yaml deleted file mode 100644 index 2158aca..0000000 --- a/kustomize/shared/crds/platform.confluent.io_kafkarestclasses.yaml +++ /dev/null 
@@ -1,361 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: kafkarestclasses.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: KafkaRestClass - listKind: KafkaRestClassList - plural: kafkarestclasses - shortNames: - - krc - - kafkarestclass - singular: kafkarestclass - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: KafkaRestClass is the Schema for the kafkarestclasses API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaRestClassSpec defines the desired state of KafkaRestClass - properties: - kafkaClusterRef: - description: KafkaClusterRef defines the name of the kafka cluster - properties: - name: - description: Name defines name of the Kafka cluster - minLength: 1 - type: string - namespace: - description: Namespace defines namespace where kafka cluster is - running - minLength: 1 - type: string - required: - - name - type: object - kafkaRest: - description: KafkaRestApiInfo defines Kafka Rest API configuration - properties: - authentication: - description: Authentication defines authentication of Kafka Rest - API - properties: - basic: - description: BasicAuthentication defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic - credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on - the server side only. Changes will be only reflected in - ControlCenter (C3). This configuration is ignored on the - client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on - the server side only. 
This configuration is ignored on - the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - bearer: - description: BearerAuthentication used by MDS clients - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - basic - - bearer - type: string - required: - - type - type: object - endpoint: - description: Endpoint defines where confluent Kafka Rest API is - running - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: TLSDependencyConfig defines the client side tls configuration - to connect to Kafka Rest API - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - secondaryKafkaClusterRef: - description: SecondaryKafkaClusterRef defines the name of the secondary - kafka cluster when using centralized RBAC - properties: - name: - description: Name defines name of the Kafka cluster - minLength: 1 - type: string - namespace: - description: Namespace defines namespace where kafka cluster is - running - minLength: 1 - type: string - required: - - name - type: object - secondaryKafkaRest: - description: SeconaryKafkaRestApiInfo defines secondary Kafka Rest API - configuration when using centralized RBAC - properties: - authentication: - description: Authentication defines authentication of Kafka Rest - API - properties: - basic: - description: BasicAuthentication defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic - credential through 
directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on - the server side only. Changes will be only reflected in - ControlCenter (C3). This configuration is ignored on the - client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on - the server side only. This configuration is ignored on - the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - bearer: - description: BearerAuthentication used by MDS clients - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - basic - - bearer - type: string - required: - - type - type: object - endpoint: - description: Endpoint defines where confluent Kafka Rest API is - running - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: TLSDependencyConfig defines the client side tls configuration - to connect to Kafka Rest API - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - type: object - status: - description: KafkaRestClassStatus defines the observed state of KafkaRestClass - properties: - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. - properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' 
- type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - endpoint: - description: Endpoint defines the kafkarest/mds endpoint - type: string - kafkaClusterId: - description: KafkaClusterId defines the cluster id of kafka cluster - If using centralized RBAC and kafkarestclass is for secondary kafka - cluster, it will be clusterId of secondary kafka cluster - type: string - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/shared/crds/platform.confluent.io_kafkas.yaml b/kustomize/shared/crds/platform.confluent.io_kafkas.yaml deleted file mode 100644 index 00cfcb9..0000000 --- a/kustomize/shared/crds/platform.confluent.io_kafkas.yaml +++ /dev/null 
@@ -1,4981 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: kafkas.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.replicas - name: Replicas - type: string - - JSONPath: .status.readyReplicas - name: Ready - type: string - - JSONPath: .status.phase - name: Status - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - - JSONPath: .status.zookeeperConnect - name: Zookeeper - priority: 1 - type: string - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: Kafka - listKind: KafkaList - plural: kafkas - shortNames: - - kafka - - broker - singular: kafka - preserveUnknownFields: false - scope: Namespaced - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - validation: - openAPIV3Schema: - description: Kafka is the Schema for the kafkas API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaSpec defines the desired state of CP component, Kafka - Server - properties: - authorization: - description: Authorization defines authorization support - properties: - superUsers: - description: SuperUsers defines list of supers user to give admin - privilege on the Kafka Cluster This list takes the format as User: - items: - type: string - type: array - type: - enum: - - rbac - - simple - type: string - required: - - type - type: object - configOverrides: - description: ConfigurationOverrides defines capability to override server/jvm/log4j - properties for each Confluent platform component. Change will roll - the cluster - properties: - jvm: - description: JVM defines a list of jvm configuration supported by - application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported by - application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - dataVolumeCapacity: - anyOf: - - type: integer - - type: string - description: DataVolumeCapacity defines the PV capacity. 
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - dependencies: - description: Dependencies defines all the kafka dependencies like zookeeper - and centralized MDS settings - properties: - kafkaRest: - description: KafkaRestApiClientDep provides rest client auth for - MDS when RBAC is enabled - properties: - authentication: - description: Authentication defines authentication of Kafka - Rest API - properties: - bearer: - description: BearerAuthentication defines bearer authentication - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines the authentication type support - for MDS - enum: - - bearer - type: string - required: - - bearer - - type - type: object - endpoint: - description: Endpoint defines where confluent Kafka Rest API - is running - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: TLSDependencyConfig defines the client side tls - configuration to connect to Kafka Rest API - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mds: - description: KafkaPrimaryMetaDataServerDep configure a secondary - Kafka cluster managed by the MDS of the primary Kafka cluster - properties: - endpoint: - description: URLEndpoint defines the URL endpoint in format - http|s://:port - minLength: 1 - pattern: ^https?://.* - type: string - kafka: - description: KafkaClientDependency allows configuring CP component - dependency to configure kafka settings - properties: - authentication: - description: Authentication defines the authentication for - the kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's - JaaS configuration. 
- properties: - secretRef: - description: SecretRef defines secret reference - to pass required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete - JaaS configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap - endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability - to discover kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is - running Uses the same namespace where Operator is - running if not configured - type: string - secretRef: - description: SecretRef defines the name of the secret - reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side - TLS setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - tokenKeyPair: - description: MDSTokenKeyPair load either through secretRef or - directory path - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - endpoint - - kafka - - tokenKeyPair - type: object - zookeeper: - description: KafkaZookeeperDependencies - properties: - authentication: - description: KafkaClientAuthentication defines the authentication - structure for all dependent CP Component for Kafka Cluster. - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. 
- properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - discovery: - description: Discovery discover structure used by Confluent - platform (CP) - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - endpoint: - description: Endpoint defines the endpoint for service is format - endpoint:port - minLength: 1 - pattern: .+:[0-9]+ - type: string - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - type: object - image: - description: Image defines application and init docker image configuration. - Change will roll the cluster - properties: - application: - description: Application defines application docker image name - pattern: .+:.+ - type: string - init: - description: Init defines init-container name - pattern: .+:.+ - type: string - pullSecretRef: - description: 'ImagePullSecrets is a list of references to secrets - in the same namespace to use for pulling any images in pods that - reference this ServiceAccount. ImagePullSecrets are distinct from - Secrets because Secrets can be mounted in the pod, but ImagePullSecrets - are only accessed by the kubelet. 
More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' - items: - type: string - type: array - required: - - application - - init - type: object - injectAnnotations: - additionalProperties: - type: string - description: InjectAnnotations annotations are injected to all the internal - resources created by Operator. All the internal annotations is preserved - and forbidden to override. For pod annotations, use podTemplate.annotations - type: object - injectLabels: - additionalProperties: - type: string - description: InjectLabels labels are injected to all the internal resources - created by Operator. All the internal labels is preserved and forbidden - to override. For pod labels, use podTemplate.labels - type: object - k8sClusterDomain: - description: K8SClusterDomain defines configuring kubernetes cluster - domain if required. If this setting is not configured it will default - to cluster.local domain. - type: string - license: - description: License defines license configuration for Confluent platform - component - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where license key is mounted. More information about - the usage be found in Confluent Operator document. - minLength: 1 - type: string - globalLicense: - description: GlobalLicense specifies whether operator pod license - will be used for this component If enabled then Confluent platform - component shares Confluent Operator license. - type: boolean - secretRef: - description: SecretRef is secret reference which provides license - for CP component More information about the license key struct - can be found in Confluent Operator document. - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - listeners: - description: Listeners defines listeners configurations - properties: - custom: - items: - description: KafkaCustomListener ... 
- properties: - authentication: - description: KafkaZkAuthentication defines authentication - structure for Kafka/ZK cluster. - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to - pass required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - principalMappingRules: - items: - type: string - type: array - type: - description: Type defines supported kafka authentication - types - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - externalAccess: - description: KafkaExternalAccess allows to configure external - access for Kafka cluster - properties: - ingress: - description: Ingress allows to create a ingress service - Not implemented yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations - for the kubernetes service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the - user wishes to exist. - properties: - backend: - description: A default backend capable of servicing - requests that don't match any rule. At least - one of 'backend' or 'rules' must be specified. - This field is optional to allow the loadbalancer - controller or defaulting logic to specify a - global default. 
- properties: - resource: - description: Resource is an ObjectRef to another - Kubernetes resource in the namespace of - the Ingress object. If resource is specified, - serviceName and servicePort must not be - specified. - properties: - apiGroup: - description: APIGroup is the group for - the resource being referenced. If APIGroup - is not specified, the specified Kind - must be in the core API group. For any - other third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced - service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced - service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the - IngressClass cluster resource. The associated - IngressClass defines which controller will implement - the resource. This replaces the deprecated `kubernetes.io/ingress.class` - annotation. For backwards compatibility, when - that annotation is set, it must be given precedence - over this field. The controller may emit a warning - if the field and annotation have different values. - Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource - may be marked as default, which can be used - to set a default value for this field. For more - information, refer to the IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure - the Ingress. If unspecified, or no rule matches, - all traffic is sent to the default backend. - items: - description: IngressRule represents the rules - mapping the paths under a specified host to - the related backend services. 
Incoming requests - are first evaluated for a host match, then - routed to the backend associated with the - matching IngressRuleValue. - properties: - host: - description: "Host is the fully qualified - domain name of a network host, as defined - by RFC 3986. Note the following deviations - from the \"host\" part of the URI as defined - in RFC 3986: 1. IPs are not allowed. Currently - an IngressRuleValue can only apply to - \ the IP in the Spec of the parent Ingress. - 2. The `:` delimiter is not respected - because ports are not allowed. \t Currently - the port of an Ingress is implicitly :80 - for http and \t :443 for https. Both - these may change in the future. Incoming - requests are matched against the host - before the IngressRuleValue. If the host - is unspecified, the Ingress routes all - traffic based on the specified IngressRuleValue. - \n Host can be \"precise\" which is a - domain name without the terminating dot - of a network host (e.g. \"foo.bar.com\") - or \"wildcard\", which is a domain name - prefixed with a single wildcard label - (e.g. \"*.foo.com\"). The wildcard character - '*' must appear by itself as the first - DNS label and matches only a single label. - You cannot have a wildcard label by itself - (e.g. Host == \"*\"). Requests will be - matched against the Host field in the - following way: 1. If Host is precise, - the request matches this rule if the http - host header is equal to Host. 2. If Host - is a wildcard, then the request matches - this rule if the http host header is to - equal to the suffix (removing the first - label) of the wildcard rule." - type: string - http: - description: 'HTTPIngressRuleValue is a - list of http selectors pointing to backends. - In the example: http:///? - -> backend where where parts of the url - correspond to RFC 3986, this resource - will be used to match against everything - after the last ''/'' and before the first - ''?'' or ''#''.' 
- properties: - paths: - description: A collection of paths that - map requests to backends. - items: - description: HTTPIngressPath associates - a path with a backend. Incoming - urls matching the path are forwarded - to the backend. - properties: - backend: - description: Backend defines the - referenced service endpoint - to which the traffic will be - forwarded to. - properties: - resource: - description: Resource is an - ObjectRef to another Kubernetes - resource in the namespace - of the Ingress object. If - resource is specified, serviceName - and servicePort must not - be specified. - properties: - apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not specified, - the specified Kind must - be in the core API group. - For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the - type of resource being - referenced - type: string - name: - description: Name is the - name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the - name of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the - port of the referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against - the path of an incoming request. - Currently it can contain characters - disallowed from the conventional - "path" part of a URL as defined - by RFC 3986. Paths must begin - with a '/'. When unspecified, - all paths from incoming requests - are matched. - type: string - pathType: - description: 'PathType determines - the interpretation of the Path - matching. PathType can be one - of the following values: * Exact: - Matches the URL path exactly. - * Prefix: Matches based on a - URL path prefix split by ''/''. - Matching is done on a path - element by element basis. 
A - path element refers is the list - of labels in the path split - by the ''/'' separator. A request - is a match for path p if every - p is an element-wise prefix - of p of the request path. - Note that if the last element - of the path is a substring of - the last element in request - path, it is not a match (e.g. - /foo/bar matches /foo/bar/baz, - but does not match /foo/barbaz). - * ImplementationSpecific: Interpretation - of the Path matching is up to the - IngressClass. Implementations - can treat this as a separate - PathType or treat it identically - to Prefix or Exact path types. - Implementations are required - to support all path types. Defaults - to ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the - Ingress only supports a single TLS port, 443. - If multiple members of this list specify different - hosts, they will be multiplexed on the same - port according to the hostname specified through - the SNI TLS extension, if the ingress controller - fulfilling the ingress supports SNI. - items: - description: IngressTLS describes the transport - layer security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included - in the TLS certificate. The values in - this list must match the name/s used in - the tlsSecret. Defaults to the wildcard - host setting for the loadbalancer controller - fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the - secret used to terminate TLS traffic on - port 443. Field is left optional to allow - TLS routing based on SNI hostname alone. - If the SNI host in a listener conflicts - with the "Host" header field used by an - IngressRule, the SNI host is used for - termination and value of the Host header - is used for routing. 
- type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes - load balancer service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations - for the kubernetes service type load balancer - type: object - bootstrapPrefix: - description: BootstrapPrefix defines the prefix for - bootstrap advertised endpoint and will be added - as bootstrapPrefix.domain If not configured it will - be the cluster name of CR - minLength: 1 - type: string - brokerPrefix: - description: 'BrokerPrefix defines the prefix for - broker advertised endpoint and will be added as - brokerPrefix.domain If not configured, it will add - b as a prefix, like b#.domain where # will start - from 0 to replicas count' - minLength: 1 - type: string - domain: - description: Domain allows to configure domain name - for the cluster. - minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring - source range - items: - type: string - type: array - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on - service's port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed - names such as mycompany.com/my-custom-protocol. - Field can be enabled with ServiceAppProtocol - feature gate. - type: string - name: - description: The name of this port within the - service. 
This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which - this service is exposed when type=NodePort - or LoadBalancer. Usually assigned by the system. - If specified, it will be allocated to the - service if unused or else creation of the - service will fail. Default is to auto-allocate - a port if the ServiceType of this Service - requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. - Supports "TCP", "UDP", and "SCTP". Default - is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to - access on the pods targeted by the service. - Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. If this is a string, - it will be looked up as a named port in the - target Pod''s container ports. If this is - not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should - be omitted or set equal to the ''port'' field. 
- More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node - port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations - for the kubernetes service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port - offset to be used and will go in the increasing - order with respect to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on - service's port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed - names such as mycompany.com/my-custom-protocol. - Field can be enabled with ServiceAppProtocol - feature gate. - type: string - name: - description: The name of this port within the - service. This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which - this service is exposed when type=NodePort - or LoadBalancer. 
Usually assigned by the system. - If specified, it will be allocated to the - service if unused or else creation of the - service will fail. Default is to auto-allocate - a port if the ServiceType of this Service - requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. - Supports "TCP", "UDP", and "SCTP". Default - is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to - access on the pods targeted by the service. - Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. If this is a string, - it will be looked up as a named port in the - target Pod''s container ports. If this is - not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should - be omitted or set equal to the ''port'' field. 
- More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for - OpenShift Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations - for the OpenShift service type route - type: object - bootstrapPrefix: - description: BootstrapPrefix defines the prefix for - bootstrap advertised endpoint and will be added - as bootstrapPrefix.domain If not configured it will - be the cluster name of CR - minLength: 1 - type: string - brokerPrefix: - description: 'BrokerPrefix defines the prefix for - broker advertised endpoint and will be added as - brokerPrefix.domain If not configured, it will add - b as a prefix, like b#.domain where # will start - from 0 to replicas count' - minLength: 1 - type: string - domain: - description: Domain allows to configure domain name - for the cluster. - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. - It defaults to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - staticForHostBasedRouting: - description: StaticForHostBasedRouting allows to integrate - with external ingress controllers by doing host based - routing through SNI capability. With this schema, operator - configures kafka advertised listeners only and no kubernetes - external service will be created. 
- properties: - brokerPrefix: - description: 'BrokerPrefix defines the prefix for - broker advertised endpoint and will be added as - brokerPrefix.domain If not configured, it will add - b as a prefix, like b#.domain where # will start - from 0 to replicas count' - minLength: 1 - type: string - domain: - description: Domain allows to configure domain name - for the cluster. - minLength: 1 - type: string - port: - description: Port defines the port to be used in the - advertised listener for a broker - format: int32 - type: integer - required: - - domain - - port - type: object - staticForPortBasedRouting: - description: StaticForPortBasedRouting allows to enable - external access by port routing With this schema, operator - configures kafka advertised listeners only and no kubernetes - external service will be created. - properties: - host: - description: Host defines the host name to be used - in the advertised listener for a broker - minLength: 1 - type: string - portOffset: - description: PortOffset defines the portOffset to - be used and will go in the increasing order with - respect to the replicas count - format: int32 - type: integer - required: - - host - - portOffset - type: object - type: - description: Type defines supported kubernetes external - services - enum: - - loadBalancer - - nodePort - - route - - staticForPortBasedRouting - - staticForHostBasedRouting - type: string - required: - - type - type: object - name: - description: Name defines the name of the custom listener - internal/external/token can't be used as they are reserved - by the Operator - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - port: - description: Port will bind given port to the custom listener. - Port < 9093 is reserved by the Operator - format: int32 - minimum: 9093 - type: integer - tls: - description: ClientTLSConfig defines TLS configuration for - CP component (dependencies, listeners). 
- properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - required: - - name - - port - type: object - type: array - external: - description: KafkaExternalAccessListener is the kafka specific external - listener - properties: - authentication: - description: KafkaZkAuthentication defines authentication structure - for Kafka/ZK cluster. - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. 
- properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - principalMappingRules: - items: - type: string - type: array - type: - description: Type defines supported kafka authentication - types - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - externalAccess: - description: KafkaExternalAccess allows to configure external - access for Kafka cluster - properties: - ingress: - description: Ingress allows to create a ingress service - Not implemented yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user - wishes to exist. - properties: - backend: - description: A default backend capable of servicing - requests that don't match any rule. At least one - of 'backend' or 'rules' must be specified. This - field is optional to allow the loadbalancer controller - or defaulting logic to specify a global default. - properties: - resource: - description: Resource is an ObjectRef to another - Kubernetes resource in the namespace of the - Ingress object. If resource is specified, - serviceName and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the - resource being referenced. 
If APIGroup - is not specified, the specified Kind must - be in the core API group. For any other - third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced - service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced - service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the - IngressClass cluster resource. The associated - IngressClass defines which controller will implement - the resource. This replaces the deprecated `kubernetes.io/ingress.class` - annotation. For backwards compatibility, when - that annotation is set, it must be given precedence - over this field. The controller may emit a warning - if the field and annotation have different values. - Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource - may be marked as default, which can be used to - set a default value for this field. For more information, - refer to the IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure - the Ingress. If unspecified, or no rule matches, - all traffic is sent to the default backend. - items: - description: IngressRule represents the rules - mapping the paths under a specified host to - the related backend services. Incoming requests - are first evaluated for a host match, then routed - to the backend associated with the matching - IngressRuleValue. - properties: - host: - description: "Host is the fully qualified - domain name of a network host, as defined - by RFC 3986. 
Note the following deviations - from the \"host\" part of the URI as defined - in RFC 3986: 1. IPs are not allowed. Currently - an IngressRuleValue can only apply to the - IP in the Spec of the parent Ingress. 2. - The `:` delimiter is not respected because - ports are not allowed. \t Currently the - port of an Ingress is implicitly :80 for - http and \t :443 for https. Both these - may change in the future. Incoming requests - are matched against the host before the - IngressRuleValue. If the host is unspecified, - the Ingress routes all traffic based on - the specified IngressRuleValue. \n Host - can be \"precise\" which is a domain name - without the terminating dot of a network - host (e.g. \"foo.bar.com\") or \"wildcard\", - which is a domain name prefixed with a single - wildcard label (e.g. \"*.foo.com\"). The - wildcard character '*' must appear by itself - as the first DNS label and matches only - a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests - will be matched against the Host field in - the following way: 1. If Host is precise, - the request matches this rule if the http - host header is equal to Host. 2. If Host - is a wildcard, then the request matches - this rule if the http host header is to - equal to the suffix (removing the first - label) of the wildcard rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list - of http selectors pointing to backends. - In the example: http:///? - -> backend where where parts of the url - correspond to RFC 3986, this resource will - be used to match against everything after - the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that - map requests to backends. - items: - description: HTTPIngressPath associates - a path with a backend. Incoming urls - matching the path are forwarded to - the backend. 
- properties: - backend: - description: Backend defines the - referenced service endpoint to - which the traffic will be forwarded - to. - properties: - resource: - description: Resource is an - ObjectRef to another Kubernetes - resource in the namespace - of the Ingress object. If - resource is specified, serviceName - and servicePort must not be - specified. - properties: - apiGroup: - description: APIGroup is - the group for the resource - being referenced. If APIGroup - is not specified, the - specified Kind must be - in the core API group. - For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the - type of resource being - referenced - type: string - name: - description: Name is the - name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name - of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port - of the referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against - the path of an incoming request. - Currently it can contain characters - disallowed from the conventional - "path" part of a URL as defined - by RFC 3986. Paths must begin - with a '/'. When unspecified, - all paths from incoming requests - are matched. - type: string - pathType: - description: 'PathType determines - the interpretation of the Path - matching. PathType can be one - of the following values: * Exact: - Matches the URL path exactly. - * Prefix: Matches based on a URL - path prefix split by ''/''. Matching - is done on a path element by - element basis. A path element - refers is the list of labels - in the path split by the ''/'' - separator. A request is a match - for path p if every p is an element-wise - prefix of p of the request path. 
- Note that if the last element - of the path is a substring of - the last element in request path, - it is not a match (e.g. /foo/bar matches - /foo/bar/baz, but does not match - /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching - is up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix - or Exact path types. Implementations - are required to support all path - types. Defaults to ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the Ingress - only supports a single TLS port, 443. If multiple - members of this list specify different hosts, - they will be multiplexed on the same port according - to the hostname specified through the SNI TLS - extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport - layer security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included - in the TLS certificate. The values in this - list must match the name/s used in the tlsSecret. - Defaults to the wildcard host setting for - the loadbalancer controller fulfilling this - Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the - secret used to terminate TLS traffic on - port 443. Field is left optional to allow - TLS routing based on SNI hostname alone. - If the SNI host in a listener conflicts - with the "Host" header field used by an - IngressRule, the SNI host is used for termination - and value of the Host header is used for - routing. 
- type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes - load balancer service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type load balancer - type: object - bootstrapPrefix: - description: BootstrapPrefix defines the prefix for - bootstrap advertised endpoint and will be added as - bootstrapPrefix.domain If not configured it will be - the cluster name of CR - minLength: 1 - type: string - brokerPrefix: - description: 'BrokerPrefix defines the prefix for broker - advertised endpoint and will be added as brokerPrefix.domain - If not configured, it will add b as a prefix, like - b#.domain where # will start from 0 to replicas count' - minLength: 1 - type: string - domain: - description: Domain allows to configure domain name - for the cluster. - minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring - source range - items: - type: string - type: array - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. Field - can be enabled with ServiceAppProtocol feature - gate. - type: string - name: - description: The name of this port within the - service. 
This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. - Usually assigned by the system. If specified, - it will be allocated to the service if unused - or else creation of the service will fail. Default - is to auto-allocate a port if the ServiceType - of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number - must be in the range 1 to 65535. Name must be - an IANA_SVC_NAME. If this is a string, it will - be looked up as a named port in the target Pod''s - container ports. If this is not specified, the - value of the ''port'' field is used (an identity - map). This field is ignored for services with - clusterIP=None, and should be omitted or set - equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node - port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port - offset to be used and will go in the increasing order - with respect to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. Field - can be enabled with ServiceAppProtocol feature - gate. - type: string - name: - description: The name of this port within the - service. This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. 
- Usually assigned by the system. If specified, - it will be allocated to the service if unused - or else creation of the service will fail. Default - is to auto-allocate a port if the ServiceType - of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number - must be in the range 1 to 65535. Name must be - an IANA_SVC_NAME. If this is a string, it will - be looked up as a named port in the target Pod''s - container ports. If this is not specified, the - value of the ''port'' field is used (an identity - map). This field is ignored for services with - clusterIP=None, and should be omitted or set - equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for - OpenShift Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the OpenShift service type route - type: object - bootstrapPrefix: - description: BootstrapPrefix defines the prefix for - bootstrap advertised endpoint and will be added as - bootstrapPrefix.domain If not configured it will be - the cluster name of CR - minLength: 1 - type: string - brokerPrefix: - description: 'BrokerPrefix defines the prefix for broker - advertised endpoint and will be added as brokerPrefix.domain - If not configured, it will add b as a prefix, like - b#.domain where # will start from 0 to replicas count' - minLength: 1 - type: string - domain: - description: Domain allows to configure domain name - for the cluster. - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. - It defaults to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - staticForHostBasedRouting: - description: StaticForHostBasedRouting allows to integrate - with external ingress controllers by doing host based - routing through SNI capability. With this schema, operator - configures kafka advertised listeners only and no kubernetes - external service will be created. 
- properties: - brokerPrefix: - description: 'BrokerPrefix defines the prefix for broker - advertised endpoint and will be added as brokerPrefix.domain - If not configured, it will add b as a prefix, like - b#.domain where # will start from 0 to replicas count' - minLength: 1 - type: string - domain: - description: Domain allows to configure domain name - for the cluster. - minLength: 1 - type: string - port: - description: Port defines the port to be used in the - advertised listener for a broker - format: int32 - type: integer - required: - - domain - - port - type: object - staticForPortBasedRouting: - description: StaticForPortBasedRouting allows to enable - external access by port routing With this schema, operator - configures kafka advertised listeners only and no kubernetes - external service will be created. - properties: - host: - description: Host defines the host name to be used in - the advertised listener for a broker - minLength: 1 - type: string - portOffset: - description: PortOffset defines the portOffset to be - used and will go in the increasing order with respect - to the replicas count - format: int32 - type: integer - required: - - host - - portOffset - type: object - type: - description: Type defines supported kubernetes external - services - enum: - - loadBalancer - - nodePort - - route - - staticForPortBasedRouting - - staticForHostBasedRouting - type: string - required: - - type - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - internal: - description: Listener is the base fields for component listener - configuration - properties: - authentication: - description: KafkaZkAuthentication defines authentication structure - for Kafka/ZK cluster. - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - principalMappingRules: - items: - type: string - type: array - type: - description: Type defines supported kafka authentication - types - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - type: object - 
metricReporter: - description: MetricsReporter defines the metric reporter configuration - which will be enabled by default, and piggyback internal listener's - authentication and TLS if it is not set - properties: - authentication: - description: KafkaClientAuthentication defines the authentication - structure for all dependent CP Component for Kafka Cluster. - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - type: string - enabled: - type: boolean - replicationFactor: - format: int32 - type: integer - tls: - description: ClientTLSConfig defines TLS configuration for CP component - (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - required: - - enabled - type: object - metrics: - description: Metrics specifies the security settings for metric services - properties: - authentication: - description: Metrics security authentication - properties: - type: - enum: - - mtls - type: string - required: - - type - type: object - prometheus: - description: Override for jmx-prometheus exporter configs - properties: - blacklist: - items: - type: string - type: array - rules: - items: - description: Prometheus exporter rule override - properties: - attrNameSnakeCase: - minLength: 1 - type: string - cache: - minLength: 1 - type: string - help: - minLength: 1 - type: string - labels: - additionalProperties: - type: string - type: object - name: - minLength: 1 - type: string - pattern: - minLength: 1 - type: string - type: - minLength: 1 - type: string - value: - minLength: 1 - type: string - valueFactor: - 
minLength: 1 - type: string - type: object - type: array - whitelist: - items: - type: string - type: array - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP component - (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mountedSecrets: - description: MountedSecrets defines list of secrets reference injected - to the the underlying statefulset configuration. The secret reference - is mounted secret mounted in default path /mnt/secrets/. 
- The underlying resources will follow the secret as a file configuration - as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod - Change will roll the cluster - items: - description: MountedSecrets allows provides a way to inject custom - secret to underlying statefulset. - properties: - keyItems: - description: keyItems is list of key and path names - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, the volume - defaultMode will be used. This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the key - to. May not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - secretRef: - description: SecretRef defines the secret name referenced - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - type: array - oneReplicaPerNode: - description: OneReplicaPerNode enforces to run 1 pod per node through - pod anti-affinity capability. Enabling this configuration in existing - cluster will roll. Change will roll the cluster - type: boolean - podTemplate: - description: PodTemplate defines some statefulset pod template configuration - properties: - affinity: - description: 'Affinity is a group of affinity scheduling rules. - More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - matches the corresponding matchExpressions; the node(s) - with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. 
- The TopologySelectorTerm type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. 
- type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. 
due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are - intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. 
- type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the - sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. 
- type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met at - some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - description: 'Annotations defines an unstructured key value map - stored with a resource that may be set by external tools to store - and retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - envVars: - description: 'EnvVars defines the collection of EnvVar to inject - into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. 
- type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - labels: - additionalProperties: - type: string - description: 'Labels defines map of string keys and values that - can be used to organize and categorize (scope and select) objects. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - podSecurityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in - container.securityContext. 
Field values of container.securityContext - take precedence over field values of PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit - is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions - of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will - have no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for - that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to - start the container if it does. If unset or false, no such - validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. 
Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. 
If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - priorityClassName: - description: PriorityClassName defines priority class for the pod - (if any). - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - probe: - description: Probe defines some fields of standard kubernetes readiness/liveness - probe configuration. - properties: - liveness: - description: Liveness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. 
- CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - readiness: - description: Readiness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - type: object - resources: - description: ResourceRequirements describes the compute resource - requirements. 
- properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - terminationGracePeriodSeconds: - description: TerminationGracePeriodSeconds defines grace period - for pod deletion - format: int64 - type: integer - tolerations: - description: Tolerations defines The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator . - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using the - matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. 
- type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do - not evict). Zero and negative values will be treated as - 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - rackAssignment: - description: RackAssignment defines the rack awareness capability for - kafka - properties: - availabilityZoneCount: - description: AvailabilityZoneCount if configured will configure - broker.rack with formula (pod_id % azCount) this is mainly for - backwards compatibility with Operator 1.0 - format: int32 - type: integer - nodeLabels: - description: NodeLabels if configured uses the kubernetes node APIs - to to retrieve the value to be used in the broker.rack. This feature - requires Confluent Operaotr to run in cluster-level access - items: - type: string - minItems: 1 - type: array - type: object - replicas: - description: Replicas is the desired number of replicas of the given - Template. 
Change will roll the cluster - format: int32 - type: integer - services: - description: KafkaServices defines services supported part of kafka - properties: - kafkaRest: - description: RestApiServer embedded rest api server - properties: - externalAccess: - description: CPExternalAccess holds all external access policies - for non-kafka components - properties: - ingress: - description: Ingress allows to create a ingress service - Not implemented yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user - wishes to exist. - properties: - backend: - description: A default backend capable of servicing - requests that don't match any rule. At least one - of 'backend' or 'rules' must be specified. This - field is optional to allow the loadbalancer controller - or defaulting logic to specify a global default. - properties: - resource: - description: Resource is an ObjectRef to another - Kubernetes resource in the namespace of the - Ingress object. If resource is specified, - serviceName and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the - resource being referenced. If APIGroup - is not specified, the specified Kind must - be in the core API group. For any other - third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced - service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced - service. 
- x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the - IngressClass cluster resource. The associated - IngressClass defines which controller will implement - the resource. This replaces the deprecated `kubernetes.io/ingress.class` - annotation. For backwards compatibility, when - that annotation is set, it must be given precedence - over this field. The controller may emit a warning - if the field and annotation have different values. - Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource - may be marked as default, which can be used to - set a default value for this field. For more information, - refer to the IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure - the Ingress. If unspecified, or no rule matches, - all traffic is sent to the default backend. - items: - description: IngressRule represents the rules - mapping the paths under a specified host to - the related backend services. Incoming requests - are first evaluated for a host match, then routed - to the backend associated with the matching - IngressRuleValue. - properties: - host: - description: "Host is the fully qualified - domain name of a network host, as defined - by RFC 3986. Note the following deviations - from the \"host\" part of the URI as defined - in RFC 3986: 1. IPs are not allowed. Currently - an IngressRuleValue can only apply to the - IP in the Spec of the parent Ingress. 2. - The `:` delimiter is not respected because - ports are not allowed. \t Currently the - port of an Ingress is implicitly :80 for - http and \t :443 for https. Both these - may change in the future. Incoming requests - are matched against the host before the - IngressRuleValue. If the host is unspecified, - the Ingress routes all traffic based on - the specified IngressRuleValue. 
\n Host - can be \"precise\" which is a domain name - without the terminating dot of a network - host (e.g. \"foo.bar.com\") or \"wildcard\", - which is a domain name prefixed with a single - wildcard label (e.g. \"*.foo.com\"). The - wildcard character '*' must appear by itself - as the first DNS label and matches only - a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests - will be matched against the Host field in - the following way: 1. If Host is precise, - the request matches this rule if the http - host header is equal to Host. 2. If Host - is a wildcard, then the request matches - this rule if the http host header is to - equal to the suffix (removing the first - label) of the wildcard rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list - of http selectors pointing to backends. - In the example: http:///? - -> backend where where parts of the url - correspond to RFC 3986, this resource will - be used to match against everything after - the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that - map requests to backends. - items: - description: HTTPIngressPath associates - a path with a backend. Incoming urls - matching the path are forwarded to - the backend. - properties: - backend: - description: Backend defines the - referenced service endpoint to - which the traffic will be forwarded - to. - properties: - resource: - description: Resource is an - ObjectRef to another Kubernetes - resource in the namespace - of the Ingress object. If - resource is specified, serviceName - and servicePort must not be - specified. - properties: - apiGroup: - description: APIGroup is - the group for the resource - being referenced. If APIGroup - is not specified, the - specified Kind must be - in the core API group. - For any other third-party - types, APIGroup is required. 
- type: string - kind: - description: Kind is the - type of resource being - referenced - type: string - name: - description: Name is the - name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name - of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port - of the referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against - the path of an incoming request. - Currently it can contain characters - disallowed from the conventional - "path" part of a URL as defined - by RFC 3986. Paths must begin - with a '/'. When unspecified, - all paths from incoming requests - are matched. - type: string - pathType: - description: 'PathType determines - the interpretation of the Path - matching. PathType can be one - of the following values: * Exact: - Matches the URL path exactly. - * Prefix: Matches based on a URL - path prefix split by ''/''. Matching - is done on a path element by - element basis. A path element - refers is the list of labels - in the path split by the ''/'' - separator. A request is a match - for path p if every p is an element-wise - prefix of p of the request path. - Note that if the last element - of the path is a substring of - the last element in request path, - it is not a match (e.g. /foo/bar matches - /foo/bar/baz, but does not match - /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching - is up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix - or Exact path types. Implementations - are required to support all path - types. Defaults to ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. 
Currently the Ingress - only supports a single TLS port, 443. If multiple - members of this list specify different hosts, - they will be multiplexed on the same port according - to the hostname specified through the SNI TLS - extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport - layer security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included - in the TLS certificate. The values in this - list must match the name/s used in the tlsSecret. - Defaults to the wildcard host setting for - the loadbalancer controller fulfilling this - Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the - secret used to terminate TLS traffic on - port 443. Field is left optional to allow - TLS routing based on SNI hostname alone. - If the SNI host in a listener conflicts - with the "Host" header field used by an - IngressRule, the SNI host is used for termination - and value of the Host header is used for - routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes - load balancer service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type load balancer - type: object - domain: - description: Domain allows to configure domain name - for the cluster. 
- minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring - source range - items: - type: string - type: array - port: - description: Port allows to configure external port - for client consumption If not configured, same internal/external - port will be configured per component Information - about the port can be retrieved through status API - format: int32 - type: integer - prefix: - description: Prefix will add prefix when configured - for the given domain If prefix is not configured, - the name of the cluster will be used as a default - value - minLength: 1 - type: string - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. Field - can be enabled with ServiceAppProtocol feature - gate. - type: string - name: - description: The name of this port within the - service. This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. - Usually assigned by the system. 
If specified, - it will be allocated to the service if unused - or else creation of the service will fail. Default - is to auto-allocate a port if the ServiceType - of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number - must be in the range 1 to 65535. Name must be - an IANA_SVC_NAME. If this is a string, it will - be looked up as a named port in the target Pod''s - container ports. If this is not specified, the - value of the ''port'' field is used (an identity - map). This field is ignored for services with - clusterIP=None, and should be omitted or set - equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node - port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port - offset to be used and will go in the increasing order - with respect to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. Field - can be enabled with ServiceAppProtocol feature - gate. - type: string - name: - description: The name of this port within the - service. This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. 
- Usually assigned by the system. If specified, - it will be allocated to the service if unused - or else creation of the service will fail. Default - is to auto-allocate a port if the ServiceType - of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number - must be in the range 1 to 65535. Name must be - an IANA_SVC_NAME. If this is a string, it will - be looked up as a named port in the target Pod''s - container ports. If this is not specified, the - value of the ''port'' field is used (an identity - map). This field is ignored for services with - clusterIP=None, and should be omitted or set - equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for - OpenShift Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the OpenShift service type route - type: object - domain: - description: Domain allows to configure domain name - for the cluster. 
- minLength: 1 - type: string - prefix: - description: Prefix will add prefix when configured - for the given domain If prefix is not configured, - the name of the cluster will be used as a default - value - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. - It defaults to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - type: - description: Type defines supported kubernetes external - services - enum: - - loadBalancer - - nodePort - - route - minLength: 1 - type: string - required: - - type - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: 
string - required: - - enabled - type: object - type: object - mds: - description: MetaDataServer - properties: - authentication: - description: MDSAuthentication supported MDS server configuration - properties: - type: - enum: - - bearer - type: string - required: - - type - type: object - externalAccess: - description: CPExternalAccess holds all external access policies - for non-kafka components - properties: - ingress: - description: Ingress allows to create a ingress service - Not implemented yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user - wishes to exist. - properties: - backend: - description: A default backend capable of servicing - requests that don't match any rule. At least one - of 'backend' or 'rules' must be specified. This - field is optional to allow the loadbalancer controller - or defaulting logic to specify a global default. - properties: - resource: - description: Resource is an ObjectRef to another - Kubernetes resource in the namespace of the - Ingress object. If resource is specified, - serviceName and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the - resource being referenced. If APIGroup - is not specified, the specified Kind must - be in the core API group. For any other - third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced - service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced - service. 
- x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the - IngressClass cluster resource. The associated - IngressClass defines which controller will implement - the resource. This replaces the deprecated `kubernetes.io/ingress.class` - annotation. For backwards compatibility, when - that annotation is set, it must be given precedence - over this field. The controller may emit a warning - if the field and annotation have different values. - Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource - may be marked as default, which can be used to - set a default value for this field. For more information, - refer to the IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure - the Ingress. If unspecified, or no rule matches, - all traffic is sent to the default backend. - items: - description: IngressRule represents the rules - mapping the paths under a specified host to - the related backend services. Incoming requests - are first evaluated for a host match, then routed - to the backend associated with the matching - IngressRuleValue. - properties: - host: - description: "Host is the fully qualified - domain name of a network host, as defined - by RFC 3986. Note the following deviations - from the \"host\" part of the URI as defined - in RFC 3986: 1. IPs are not allowed. Currently - an IngressRuleValue can only apply to the - IP in the Spec of the parent Ingress. 2. - The `:` delimiter is not respected because - ports are not allowed. \t Currently the - port of an Ingress is implicitly :80 for - http and \t :443 for https. Both these - may change in the future. Incoming requests - are matched against the host before the - IngressRuleValue. If the host is unspecified, - the Ingress routes all traffic based on - the specified IngressRuleValue. 
\n Host - can be \"precise\" which is a domain name - without the terminating dot of a network - host (e.g. \"foo.bar.com\") or \"wildcard\", - which is a domain name prefixed with a single - wildcard label (e.g. \"*.foo.com\"). The - wildcard character '*' must appear by itself - as the first DNS label and matches only - a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests - will be matched against the Host field in - the following way: 1. If Host is precise, - the request matches this rule if the http - host header is equal to Host. 2. If Host - is a wildcard, then the request matches - this rule if the http host header is to - equal to the suffix (removing the first - label) of the wildcard rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list - of http selectors pointing to backends. - In the example: http:///? - -> backend where where parts of the url - correspond to RFC 3986, this resource will - be used to match against everything after - the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that - map requests to backends. - items: - description: HTTPIngressPath associates - a path with a backend. Incoming urls - matching the path are forwarded to - the backend. - properties: - backend: - description: Backend defines the - referenced service endpoint to - which the traffic will be forwarded - to. - properties: - resource: - description: Resource is an - ObjectRef to another Kubernetes - resource in the namespace - of the Ingress object. If - resource is specified, serviceName - and servicePort must not be - specified. - properties: - apiGroup: - description: APIGroup is - the group for the resource - being referenced. If APIGroup - is not specified, the - specified Kind must be - in the core API group. - For any other third-party - types, APIGroup is required. 
- type: string - kind: - description: Kind is the - type of resource being - referenced - type: string - name: - description: Name is the - name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name - of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port - of the referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against - the path of an incoming request. - Currently it can contain characters - disallowed from the conventional - "path" part of a URL as defined - by RFC 3986. Paths must begin - with a '/'. When unspecified, - all paths from incoming requests - are matched. - type: string - pathType: - description: 'PathType determines - the interpretation of the Path - matching. PathType can be one - of the following values: * Exact: - Matches the URL path exactly. - * Prefix: Matches based on a URL - path prefix split by ''/''. Matching - is done on a path element by - element basis. A path element - refers is the list of labels - in the path split by the ''/'' - separator. A request is a match - for path p if every p is an element-wise - prefix of p of the request path. - Note that if the last element - of the path is a substring of - the last element in request path, - it is not a match (e.g. /foo/bar matches - /foo/bar/baz, but does not match - /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching - is up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix - or Exact path types. Implementations - are required to support all path - types. Defaults to ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. 
Currently the Ingress - only supports a single TLS port, 443. If multiple - members of this list specify different hosts, - they will be multiplexed on the same port according - to the hostname specified through the SNI TLS - extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport - layer security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included - in the TLS certificate. The values in this - list must match the name/s used in the tlsSecret. - Defaults to the wildcard host setting for - the loadbalancer controller fulfilling this - Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the - secret used to terminate TLS traffic on - port 443. Field is left optional to allow - TLS routing based on SNI hostname alone. - If the SNI host in a listener conflicts - with the "Host" header field used by an - IngressRule, the SNI host is used for termination - and value of the Host header is used for - routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes - load balancer service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type load balancer - type: object - domain: - description: Domain allows to configure domain name - for the cluster. 
- minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring - source range - items: - type: string - type: array - port: - description: Port allows to configure external port - for client consumption If not configured, same internal/external - port will be configured per component Information - about the port can be retrieved through status API - format: int32 - type: integer - prefix: - description: Prefix will add prefix when configured - for the given domain If prefix is not configured, - the name of the cluster will be used as a default - value - minLength: 1 - type: string - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. Field - can be enabled with ServiceAppProtocol feature - gate. - type: string - name: - description: The name of this port within the - service. This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. - Usually assigned by the system. 
If specified, - it will be allocated to the service if unused - or else creation of the service will fail. Default - is to auto-allocate a port if the ServiceType - of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number - must be in the range 1 to 65535. Name must be - an IANA_SVC_NAME. If this is a string, it will - be looked up as a named port in the target Pod''s - container ports. If this is not specified, the - value of the ''port'' field is used (an identity - map). This field is ignored for services with - clusterIP=None, and should be omitted or set - equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node - port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port - offset to be used and will go in the increasing order - with respect to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. Field - can be enabled with ServiceAppProtocol feature - gate. - type: string - name: - description: The name of this port within the - service. This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. 
- Usually assigned by the system. If specified, - it will be allocated to the service if unused - or else creation of the service will fail. Default - is to auto-allocate a port if the ServiceType - of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number - must be in the range 1 to 65535. Name must be - an IANA_SVC_NAME. If this is a string, it will - be looked up as a named port in the target Pod''s - container ports. If this is not specified, the - value of the ''port'' field is used (an identity - map). This field is ignored for services with - clusterIP=None, and should be omitted or set - equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for - OpenShift Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the OpenShift service type route - type: object - domain: - description: Domain allows to configure domain name - for the cluster. 
- minLength: 1 - type: string - prefix: - description: Prefix will add prefix when configured - for the given domain If prefix is not configured, - the name of the cluster will be used as a default - value - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. - It defaults to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - type: - description: Type defines supported kubernetes external - services - enum: - - loadBalancer - - nodePort - - route - minLength: 1 - type: string - required: - - type - type: object - provider: - properties: - ldap: - description: LdapService LDAP configuration for RBAC - properties: - address: - type: string - authentication: - description: LdapAuthentication supported ldap configuration - for RBAC - properties: - simple: - description: LdapSimpleAuthentication load credential - either for secret or directory path in container - for RBAC - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - simple - - mtls - type: string - required: - - type - type: object - configurations: - description: LdapSettings ldap configurations for CP - RBAC. 
Anything missing can be passed through configOverride - capability - properties: - groupMemberAttribute: - minLength: 1 - type: string - groupMemberAttributePattern: - minLength: 1 - type: string - groupNameAttribute: - minLength: 1 - type: string - groupObjectClass: - minLength: 1 - type: string - groupSearchBase: - minLength: 1 - type: string - groupSearchFilter: - minLength: 1 - type: string - groupSearchScope: - format: int32 - type: integer - userMemberOfAttributePattern: - minLength: 1 - type: string - userNameAttribute: - minLength: 1 - type: string - userObjectClass: - minLength: 1 - type: string - userSearchBase: - minLength: 1 - type: string - userSearchFilter: - minLength: 1 - type: string - userSearchScope: - format: int32 - type: integer - type: object - tls: - description: ClientTLSConfig defines TLS configuration - for CP component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the - directory path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration - for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure - ignores the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name - referenced for jks password - properties: - secretRef: - description: SecretRef defines the secret name - referenced for jks password More information - about jks password key/value format can be - found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - required: - - address - - authentication - - configurations - type: object - type: - enum: - - ldap - type: string - required: - - ldap - - type - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - tokenKeyPair: - description: MDSTokenKeyPair load either through secretRef or - directory path - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - provider - - tokenKeyPair - type: object - type: object - storageClass: - description: StorageClass defines the user provided storage class. If - not configured, it will use default storage class. 
- properties: - name: - description: Name defines name is the storage class reference name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - telemetry: - description: ConfluentTelemetry defines the confluent telemetry reporter - configuration - properties: - global: - description: Global will allow disabling telemetry configuration. - If Operator is deployed with telemetry, this field is only is - used to disabled. By default the value is true if telemetry is - enabled in global level. - type: boolean - type: object - tls: - description: TLS defines the global level TLS configuration which can - be used by listeners and services if they all want to share same certificate. - properties: - autoGeneratedCerts: - description: AutoGenerated if configures generates the certificates - based on the CA key pair provided. - type: boolean - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where keystore/truststore.jks/jksPassword.txt keys - are mounted. 
CP will not configure truststore.jks can be ignored - with IgnoreTrustStoreConfig field - minLength: 1 - type: string - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the truststore - configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced for - jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced for - jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for certificates - More information about certificates key/value format can be found - in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - dataVolumeCapacity - - image - - replicas - type: object - status: - description: KafkaStatus defines the observed state of KafkaServer - properties: - authorizationType: - type: string - brokerIdOffset: - format: int32 - type: integer - clusterName: - description: ClusterName defines the name of the cluster - type: string - clusterNamespace: - description: ClusterNamespace provides the namespace where cluster is - running - type: string - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. - properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. 
- format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - currentReplicas: - description: CurrentReplicas defines current running replicas - format: int32 - type: integer - externalClient: - type: string - internalSecrets: - description: InternalSecrets defines the list of internal secrets created - by Operator for each CP component. - items: - type: string - type: array - internalTopicNames: - description: InternalTopicNames is a list of topics used by the component - for internal use - items: - type: string - type: array - listeners: - additionalProperties: - properties: - advertisedExternalEndpoints: - description: AdvertisedExternalEndpoints defines other advertised - endpoints, especially use for kafka - items: - type: string - type: array - authenticationType: - description: AuthenticationType defines authentication type configured - by a listener - type: string - client: - type: string - externalEndpoint: - description: ExternalEndpoint defines the external endpoint to - connect to the service - type: string - internalEndpoint: - description: InternalEndpoint defines the internal endpoint to - connect to the service - type: string - tls: - description: TLS defines whether tls is configured by a listener - type: boolean - type: object - type: object - minISR: - format: int32 - type: integer - operatorVersion: - description: OperatorVersion defines the internal version of operator - type: string - phase: - description: Phase defines the state of the CP component - type: string - readyReplicas: - description: ReadyReplicas defines current ready 
replicas - format: int32 - type: integer - replicas: - description: Replicas defines replicas - format: int32 - type: integer - replicationFactor: - format: int32 - type: integer - services: - additionalProperties: - description: ListenerStatus describes general information about a - listeners - properties: - advertisedExternalEndpoints: - description: AdvertisedExternalEndpoints defines other advertised - endpoints, especially use for kafka - items: - type: string - type: array - authenticationType: - description: AuthenticationType defines authentication type configured - by a listener - type: string - externalEndpoint: - description: ExternalEndpoint defines the external endpoint to - connect to the service - type: string - internalEndpoint: - description: InternalEndpoint defines the internal endpoint to - connect to the service - type: string - tls: - description: TLS defines whether tls is configured by a listener - type: boolean - type: object - type: object - zookeeperConnect: - type: string - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/shared/crds/platform.confluent.io_kafkatopics.yaml b/kustomize/shared/crds/platform.confluent.io_kafkatopics.yaml deleted file mode 100644 index e6afabd..0000000 --- a/kustomize/shared/crds/platform.confluent.io_kafkatopics.yaml +++ /dev/null 
@@ -1,287 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: kafkatopics.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.replicas - name: Replicas - type: string - - JSONPath: .status.partitionCount - name: Partition - type: string - - JSONPath: .status.state - name: Status - type: string - - JSONPath: .status.kafkaClusterId - name: ClusterId - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: KafkaTopic - listKind: KafkaTopicList - plural: kafkatopics - shortNames: - - kt - - topic - singular: kafkatopic - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: KafkaTopic is the Schema for the kafkatopics API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaTopicSpec defines the desired state of KafkaTopic - properties: - configs: - additionalProperties: - type: string - description: Configs allows passing configs for topic More information - about topic configs is available here https://docs.confluent.io/current/installation/configuration/topic-configs.html - type: object - kafkaClusterRef: - description: KafkaClusterRef defines the name of the kafka cluster - properties: - name: - description: Name defines name of the Kafka cluster - minLength: 1 - type: string - namespace: - description: Namespace defines namespace where kafka cluster is - running - minLength: 1 - type: string - required: - - name - type: object - kafkaRest: - description: KafkaRestRef defines the Kafka Rest API configuration - properties: - authentication: - description: Authentication defines authentication of Kafka Rest - API - properties: - basic: - description: BasicAuthentication defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic - credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on - the server side only. Changes will be only reflected in - ControlCenter (C3). This configuration is ignored on the - client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on - the server side only. 
This configuration is ignored on - the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - bearer: - description: BearerAuthentication used by MDS clients - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - basic - - bearer - type: string - required: - - type - type: object - endpoint: - description: Endpoint defines where confluent Kafka Rest API is - running - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: TLSDependencyConfig defines the client side tls configuration - to connect to Kafka Rest API - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - kafkaRestClassRef: - description: KafkaRestClassRef defines the reference for KafkaRestClass - which defines Kafka Rest API - properties: - name: - description: Name defines the name of KafkaRestClass - minLength: 1 - type: string - namespace: - description: Namespace defines the namespace of the KafkaRestClass - type: string - required: - - name - type: object - name: - description: Name defines the topic name. If not configured uses the - CR name as topic name. 
- maxLength: 255 - minLength: 1 - pattern: ^[a-zA-Z0-9\._\-]*$ - type: string - partitionCount: - description: PartitionCount defines the partition count - format: int32 - minimum: 1 - type: integer - replicas: - description: Replicas defines the replication factor for a topic - format: int32 - minimum: 1 - type: integer - type: object - status: - description: KafkaTopicStatus defines the observed state of KafkaTopic - properties: - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. - properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - kafkaClusterId: - type: string - kafkaRestEndpoint: - type: string - partitionCount: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/shared/crds/platform.confluent.io_ksqldbs.yaml b/kustomize/shared/crds/platform.confluent.io_ksqldbs.yaml deleted file mode 100644 index 5f99859..0000000 --- a/kustomize/shared/crds/platform.confluent.io_ksqldbs.yaml +++ /dev/null 
@@ -1,2719 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: ksqldbs.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.replicas - name: Replicas - type: string - - JSONPath: .status.readyReplicas - name: Ready - type: string - - JSONPath: .status.phase - name: Status - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - - JSONPath: .status.kafka.bootstrapEndpoint - name: Kafka - priority: 1 - type: string - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: KsqlDB - listKind: KsqlDBList - plural: ksqldbs - shortNames: - - ksqldb - - ksql - singular: ksqldb - preserveUnknownFields: false - scope: Namespaced - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - validation: - openAPIV3Schema: - description: KsqlDB is the Schema for the ksql API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaSpec defines the desired state of CP component, Kafka - Server - properties: - authentication: - description: Authentication specifies whether auth is needed when accessing - the ksqlDB rest server. - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic credential - through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on the - server side only. Changes will be only reflected in ControlCenter - (C3). This configuration is ignored on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on the - server side only. This configuration is ignored on the client - side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme for Rest - Server - enum: - - basic - - mtls - type: string - required: - - type - type: object - authorization: - description: Authorization configuration defines RBAC configuration - properties: - kafkaRestClassRef: - description: KafkaRestClassRef defines the reference for KafkaRestClass - which defines Kafka Rest API - properties: - name: - description: Name defines the name of KafkaRestClass - minLength: 1 - type: string - namespace: - description: Namespace defines the namespace of the KafkaRestClass - type: string - required: - - name - type: object - type: - enum: - - rbac - type: string - required: - - type - type: object - configOverrides: - 
description: ConfigurationOverrides defines capability to override server/jvm/log4j - properties for each Confluent platform component. Change will roll - the cluster - properties: - jvm: - description: JVM defines a list of jvm configuration supported by - application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported by - application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - dataVolumeCapacity: - anyOf: - - type: integer - - type: string - description: Data volume - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - dependencies: - description: Dependencies defines dependencies Kafka, interceptor, schemaregistry, - mds dependencies - properties: - interceptor: - description: InterceptorDependency defines interceptor settings - for CP component - properties: - configs: - description: Configs defines configs for the CP interceptor - Config override feature can be used to pass config - items: - type: string - type: array - consumer: - description: Consumer defines the consumer configuration for - interceptor. If not configured it will use the kafka dependency - configuration - properties: - authentication: - description: Authentication defines the authentication for - the kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's - JaaS configuration. 
- properties: - secretRef: - description: SecretRef defines secret reference - to pass required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete - JaaS configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap - endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability - to discover kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is - running Uses the same namespace where Operator is - running if not configured - type: string - secretRef: - description: SecretRef defines the name of the secret - reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side - TLS setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - enabled: - description: Enabled defines to enable the CP interceptor configuration - type: boolean - producer: - description: Producer defines the producer configuration for - interceptor. If not configured it will use the kafka dependency - configuration - properties: - authentication: - description: Authentication defines the authentication for - the kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's - JaaS configuration. - properties: - secretRef: - description: SecretRef defines secret reference - to pass required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete - JaaS configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap - endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability - to discover kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is - running Uses the same namespace where Operator is - running if not configured - type: string - secretRef: - description: SecretRef defines the name of the secret - reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side - TLS setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - publishMs: - type: integer - required: - - enabled - type: object - kafka: - description: KafkaClientDependency allows configuring CP component - dependency to configure kafka settings - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mds: - description: MDSDependencies defines MDS configure when CP RBAC - is enabled - properties: - authentication: - description: Authentication defines MDS authentication configuration - properties: - bearer: - description: BearerAuthentication defines bearer authentication - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines the authentication type support - for MDS - enum: - - bearer - type: string - required: - - bearer - - type - type: object - endpoint: - description: Endpoint defines the mds endpoint - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: ClientTLSConfig defines TLS configuration for CP - 
component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - tokenKeyPair: - description: TokenKeyPair defines the token keypair to configure - MDS - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - authentication - - endpoint - - tokenKeyPair - type: object - schemaRegistry: - description: SchemaRegistryClientDependency allows configuring CP - component dependency to configure schemaRegistry settings - properties: - authentication: - description: Authentication defines the authentication for the - 
schemaregistry cluster - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass - basic credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles - on the server side only. Changes will be only reflected - in ControlCenter (C3). This configuration is ignored - on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration - on the server side only. This configuration is ignored - on the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme - for Rest client - enum: - - basic - - mtls - type: string - required: - - type - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for schemaregistry cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - url: - description: URL defines the URL endpoint - minLength: 1 - pattern: ^https?://.* - type: string - required: - - url - type: object - type: object - externalAccess: - description: Provides configuring endpoints and services to make ksqlDB - accessible from outside the cluster - properties: - ingress: - description: Ingress allows to create a ingress service Not implemented - yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user wishes - to exist. - properties: - backend: - description: A default backend capable of servicing requests - that don't match any rule. At least one of 'backend' or - 'rules' must be specified. 
This field is optional to allow - the loadbalancer controller or defaulting logic to specify - a global default. - properties: - resource: - description: Resource is an ObjectRef to another Kubernetes - resource in the namespace of the Ingress object. If - resource is specified, serviceName and servicePort - must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the IngressClass - cluster resource. The associated IngressClass defines - which controller will implement the resource. This replaces - the deprecated `kubernetes.io/ingress.class` annotation. - For backwards compatibility, when that annotation is set, - it must be given precedence over this field. The controller - may emit a warning if the field and annotation have different - values. Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource may - be marked as default, which can be used to set a default - value for this field. For more information, refer to the - IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure the - Ingress. If unspecified, or no rule matches, all traffic - is sent to the default backend. 
- items: - description: IngressRule represents the rules mapping - the paths under a specified host to the related backend - services. Incoming requests are first evaluated for - a host match, then routed to the backend associated - with the matching IngressRuleValue. - properties: - host: - description: "Host is the fully qualified domain name - of a network host, as defined by RFC 3986. Note - the following deviations from the \"host\" part - of the URI as defined in RFC 3986: 1. IPs are not - allowed. Currently an IngressRuleValue can only - apply to the IP in the Spec of the parent Ingress. - 2. The `:` delimiter is not respected because ports - are not allowed. \t Currently the port of an Ingress - is implicitly :80 for http and \t :443 for https. - Both these may change in the future. Incoming requests - are matched against the host before the IngressRuleValue. - If the host is unspecified, the Ingress routes all - traffic based on the specified IngressRuleValue. - \n Host can be \"precise\" which is a domain name - without the terminating dot of a network host (e.g. - \"foo.bar.com\") or \"wildcard\", which is a domain - name prefixed with a single wildcard label (e.g. - \"*.foo.com\"). The wildcard character '*' must - appear by itself as the first DNS label and matches - only a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests will - be matched against the Host field in the following - way: 1. If Host is precise, the request matches - this rule if the http host header is equal to Host. - 2. If Host is a wildcard, then the request matches - this rule if the http host header is to equal to - the suffix (removing the first label) of the wildcard - rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list of http - selectors pointing to backends. In the example: - http:///? 
-> backend where - where parts of the url correspond to RFC 3986, this - resource will be used to match against everything - after the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that map requests - to backends. - items: - description: HTTPIngressPath associates a path - with a backend. Incoming urls matching the - path are forwarded to the backend. - properties: - backend: - description: Backend defines the referenced - service endpoint to which the traffic - will be forwarded to. - properties: - resource: - description: Resource is an ObjectRef - to another Kubernetes resource in - the namespace of the Ingress object. - If resource is specified, serviceName - and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any other - third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the - referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the - referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against the - path of an incoming request. Currently - it can contain characters disallowed from - the conventional "path" part of a URL - as defined by RFC 3986. Paths must begin - with a '/'. When unspecified, all paths - from incoming requests are matched. - type: string - pathType: - description: 'PathType determines the interpretation - of the Path matching. 
PathType can be - one of the following values: * Exact: - Matches the URL path exactly. * Prefix: - Matches based on a URL path prefix split - by ''/''. Matching is done on a path - element by element basis. A path element - refers is the list of labels in the - path split by the ''/'' separator. A request - is a match for path p if every p is - an element-wise prefix of p of the request - path. Note that if the last element of - the path is a substring of the last - element in request path, it is not a match - (e.g. /foo/bar matches /foo/bar/baz, - but does not match /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching is - up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix or Exact - path types. Implementations are required - to support all path types. Defaults to - ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the Ingress only - supports a single TLS port, 443. If multiple members of - this list specify different hosts, they will be multiplexed - on the same port according to the hostname specified through - the SNI TLS extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport layer - security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included in - the TLS certificate. The values in this list must - match the name/s used in the tlsSecret. Defaults - to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret - used to terminate TLS traffic on port 443. Field - is left optional to allow TLS routing based on SNI - hostname alone. 
If the SNI host in a listener conflicts - with the "Host" header field used by an IngressRule, - the SNI host is used for termination and value of - the Host header is used for routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes load balancer - service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type load balancer - type: object - domain: - description: Domain allows to configure domain name for the - cluster. - minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring source - range - items: - type: string - type: array - port: - description: Port allows to configure external port for client - consumption If not configured, same internal/external port - will be configured per component Information about the port - can be retrieved through status API - format: int32 - type: integer - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. 
Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. Usually - assigned by the system. If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port offset - to be used and will go in the increasing order with respect - to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. 
Usually - assigned by the system. If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for OpenShift - Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the OpenShift - service type route - type: object - domain: - description: Domain allows to configure domain name for the - cluster. - minLength: 1 - type: string - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. 
It defaults - to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - type: - description: Type defines supported kubernetes external services - enum: - - loadBalancer - - nodePort - - route - minLength: 1 - type: string - required: - - type - type: object - image: - description: Image defines application and init docker image configuration. - Change will roll the cluster - properties: - application: - description: Application defines application docker image name - pattern: .+:.+ - type: string - init: - description: Init defines init-container name - pattern: .+:.+ - type: string - pullSecretRef: - description: 'ImagePullSecrets is a list of references to secrets - in the same namespace to use for pulling any images in pods that - reference this ServiceAccount. ImagePullSecrets are distinct from - Secrets because Secrets can be mounted in the pod, but ImagePullSecrets - are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' - items: - type: string - type: array - required: - - application - - init - type: object - injectAnnotations: - additionalProperties: - type: string - description: InjectAnnotations annotations are injected to all the internal - resources created by Operator. All the internal annotations is preserved - and forbidden to override. For pod annotations, use podTemplate.annotations - type: object - injectLabels: - additionalProperties: - type: string - description: InjectLabels labels are injected to all the internal resources - created by Operator. All the internal labels is preserved and forbidden - to override. For pod labels, use podTemplate.labels - type: object - internalTopicReplicationFactor: - description: Replication factor for internal topics - format: int32 - type: integer - k8sClusterDomain: - description: K8SClusterDomain defines configuring kubernetes cluster - domain if required. 
If this setting is not configured it will default - to cluster.local domain. - type: string - license: - description: License defines license configuration for Confluent platform - component - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where license key is mounted. More information about - the usage be found in Confluent Operator document. - minLength: 1 - type: string - globalLicense: - description: GlobalLicense specifies whether operator pod license - will be used for this component If enabled then Confluent platform - component shares Confluent Operator license. - type: boolean - secretRef: - description: SecretRef is secret reference which provides license - for CP component More information about the license key struct - can be found in Confluent Operator document. - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - metrics: - description: Metrics specifies the security settings for metric services - properties: - authentication: - description: Metrics security authentication - properties: - type: - enum: - - mtls - type: string - required: - - type - type: object - prometheus: - description: Override for jmx-prometheus exporter configs - properties: - blacklist: - items: - type: string - type: array - rules: - items: - description: Prometheus exporter rule override - properties: - attrNameSnakeCase: - minLength: 1 - type: string - cache: - minLength: 1 - type: string - help: - minLength: 1 - type: string - labels: - additionalProperties: - type: string - type: object - name: - minLength: 1 - type: string - pattern: - minLength: 1 - type: string - type: - minLength: 1 - type: string - value: - minLength: 1 - type: string - valueFactor: - minLength: 1 - type: string - type: object - type: array - whitelist: - items: - type: string - type: array - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP 
component - (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mountedSecrets: - description: MountedSecrets defines list of secrets reference injected - to the the underlying statefulset configuration. The secret reference - is mounted secret mounted in default path /mnt/secrets/. - The underlying resources will follow the secret as a file configuration - as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod - Change will roll the cluster - items: - description: MountedSecrets allows provides a way to inject custom - secret to underlying statefulset. 
- properties: - keyItems: - description: keyItems is list of key and path names - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, the volume - defaultMode will be used. This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the key - to. May not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - secretRef: - description: SecretRef defines the secret name referenced - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - type: array - oneReplicaPerNode: - description: OneReplicaPerNode enforces to run 1 pod per node through - pod anti-affinity capability. Enabling this configuration in existing - cluster will roll. Change will roll the cluster - type: boolean - podTemplate: - description: PodTemplate defines some statefulset pod template configuration - properties: - affinity: - description: 'Affinity is a group of affinity scheduling rules. - More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. 
The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - matches the corresponding matchExpressions; the node(s) - with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. 
- properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. - The TopologySelectorTerm type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. 
- properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are - intersected, i.e. all terms must be satisfied. 
- items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. 
- type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the - sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. 
- type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met at - some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - description: 'Annotations defines an unstructured key value map - stored with a resource that may be set by external tools to store - and retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - envVars: - description: 'EnvVars defines the collection of EnvVar to inject - into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. 
- type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - labels: - additionalProperties: - type: string - description: 'Labels defines map of string keys and values that - can be used to organize and categorize (scope and select) objects. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - podSecurityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in - container.securityContext. 
Field values of container.securityContext - take precedence over field values of PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit - is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions - of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will - have no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for - that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to - start the container if it does. If unset or false, no such - validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. 
Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. 
If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - priorityClassName: - description: PriorityClassName defines priority class for the pod - (if any). - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - probe: - description: Probe defines some fields of standard kubernetes readiness/liveness - probe configuration. - properties: - liveness: - description: Liveness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. 
- CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - readiness: - description: Readiness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - type: object - resources: - description: ResourceRequirements describes the compute resource - requirements. 
- properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - terminationGracePeriodSeconds: - description: TerminationGracePeriodSeconds defines grace period - for pod deletion - format: int64 - type: integer - tolerations: - description: Tolerations defines The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator . - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using the - matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. 
- type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do - not evict). Zero and negative values will be treated as - 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - replicas: - description: Replicas is the desired number of replicas of the given - Template. Change will roll the cluster - format: int32 - type: integer - storageClass: - description: Storage class used for creating pvc's of created ksqlDB - pods - properties: - name: - description: Name defines name is the storage class reference name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - telemetry: - description: ConfluentTelemetry defines the confluent telemetry reporter - configuration - properties: - global: - description: Global will allow disabling telemetry configuration. - If Operator is deployed with telemetry, this field is only is - used to disabled. By default the value is true if telemetry is - enabled in global level. 
- type: boolean - type: object - tls: - description: Specifies TLS configurations for the ksqlDB rest server. - properties: - autoGeneratedCerts: - description: AutoGenerated if configures generates the certificates - based on the CA key pair provided. - type: boolean - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where keystore/truststore.jks/jksPassword.txt keys - are mounted. CP will not configure truststore.jks can be ignored - with IgnoreTrustStoreConfig field - minLength: 1 - type: string - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the truststore - configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced for - jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced for - jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for certificates - More information about certificates key/value format can be found - in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - dataVolumeCapacity - - image - - replicas - type: object - status: - description: KsqlDBStatus defines the observed state of KSQLServer - properties: - authorizationType: - type: string - clusterName: - description: ClusterName defines the name of the cluster - type: string - clusterNamespace: - description: ClusterNamespace provides the namespace where cluster is - running - type: string - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. 
- properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - currentReplicas: - description: CurrentReplicas defines current running replicas - format: int32 - type: integer - internalSecrets: - description: InternalSecrets defines the list of internal secrets created - by Operator for each CP component. 
- items: - type: string - type: array - internalTopicNames: - description: InternalTopicNames is a list of topics used by the component - for internal use - items: - type: string - type: array - kafka: - description: KafkaClientInfoStatus defines the kafka client side status - for all CP component - properties: - authenticationType: - description: AuthenticationType defines the authentication type - for kafka - type: string - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - type: string - tls: - description: TLS defines if tls is enabled for kafka dependency - type: boolean - type: object - operatorVersion: - description: OperatorVersion defines the internal version of operator - type: string - phase: - description: Phase defines the state of the CP component - type: string - rbac: - description: RBACInfoStatus defines RBAC related status when RBAC is - enabled - properties: - clusterId: - description: ClusterId defines the id of cluster - type: string - internalRolebindings: - description: RolebindingState defines the state of internal rolebindings - items: - type: string - type: array - type: object - readyReplicas: - description: ReadyReplicas defines current ready replicas - format: int32 - type: integer - replicas: - description: Replicas defines replicas - format: int32 - type: integer - restConfig: - description: ListenerStatus describes general information about a listeners - properties: - advertisedExternalEndpoints: - description: AdvertisedExternalEndpoints defines other advertised - endpoints, especially use for kafka - items: - type: string - type: array - authenticationType: - description: AuthenticationType defines authentication type configured - by a listener - type: string - externalEndpoint: - description: ExternalEndpoint defines the external endpoint to connect - to the service - type: string - internalEndpoint: - description: InternalEndpoint defines the internal endpoint to connect - to the service - 
type: string - tls: - description: TLS defines whether tls is configured by a listener - type: boolean - type: object - serviceId: - type: string - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: []
diff --git a/kustomize/shared/crds/platform.confluent.io_migrationjobs.yaml b/kustomize/shared/crds/platform.confluent.io_migrationjobs.yaml
deleted file mode 100644
index ead0c24..0000000
--- a/kustomize/shared/crds/platform.confluent.io_migrationjobs.yaml
+++ /dev/null
@@ -1,669 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: migrationjobs.platform.confluent.io -spec: - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: MigrationJob - listKind: MigrationJobList - plural: migrationjobs - shortNames: - - migrationjob - - migration - singular: migrationjob - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: MigrationJob is the Schema for the migrationjobs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MigrationJobSpec defines the desired state of MigrationJob - properties: - blockReconcile: - type: boolean - connect: - description: ConnectMigrationJobSpec defines the desired state of Connect - after migration - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations for the new resource created. Annotations - is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying - objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - configOverrides: - description: ConfigurationOverrides for the new resource created. - Takes precedence over configuration already present in old CR - properties: - jvm: - description: JVM defines a list of jvm configuration supported - by application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - enabled: - description: Indicates if Migration of this component is enabled - type: boolean - labels: - additionalProperties: - type: string - description: 'Labels for the new resource created. Map of string - keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name of the V1 resource to migrate. It must be unique - within a namespace Note that the resource will be deleted once - the migration is complete Required if this component is enabled - type: string - namespace: - description: Namespace defines the space within each name must be - unique. An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this field - for those objects will be empty. - type: string - release: - description: ReleaseName for the helm release for the component. - It is optional for kafka and zookeeper release. 
- minLength: 1 - type: string - required: - - enabled - type: object - controlcenter: - description: ControlCenterMigrationJobSpec defines the desired state - of ControlCenter after migration - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations for the new resource created. Annotations - is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - configOverrides: - description: ConfigurationOverrides for the new resource created. - Takes precedence over configuration already present in old CR - properties: - jvm: - description: JVM defines a list of jvm configuration supported - by application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - enabled: - description: Indicates if Migration of this component is enabled - type: boolean - labels: - additionalProperties: - type: string - description: 'Labels for the new resource created. Map of string - keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name of the V1 resource to migrate. 
It must be unique - within a namespace Note that the resource will be deleted once - the migration is complete Required if this component is enabled - type: string - namespace: - description: Namespace defines the space within each name must be - unique. An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this field - for those objects will be empty. - type: string - release: - description: ReleaseName for the helm release for the component. - It is optional for kafka and zookeeper release. - minLength: 1 - type: string - required: - - enabled - type: object - initContainerImage: - minLength: 1 - type: string - kafka: - description: KafkaMigrationJobSpec defines the descired state of Kafka - after migration - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations for the new resource created. Annotations - is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - configOverrides: - description: ConfigurationOverrides for the new resource created. - Takes precedence over configuration already present in old CR - properties: - jvm: - description: JVM defines a list of jvm configuration supported - by application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported - by application. This will either add or update existing configuration. 
- items: - type: string - type: array - type: object - enabled: - description: Indicates if Migration of this component is enabled - type: boolean - labels: - additionalProperties: - type: string - description: 'Labels for the new resource created. Map of string - keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name of the V1 resource to migrate. It must be unique - within a namespace Note that the resource will be deleted once - the migration is complete Required if this component is enabled - type: string - namespace: - description: Namespace defines the space within each name must be - unique. An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this field - for those objects will be empty. - type: string - release: - description: ReleaseName for the helm release for the component. - It is optional for kafka and zookeeper release. - minLength: 1 - type: string - required: - - enabled - type: object - ksqldb: - description: KsqlDBMigrationJobSpec defines the desired state of KsqlDB - after migration - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations for the new resource created. Annotations - is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - configOverrides: - description: ConfigurationOverrides for the new resource created. 
- Takes precedence over configuration already present in old CR - properties: - jvm: - description: JVM defines a list of jvm configuration supported - by application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - enabled: - description: Indicates if Migration of this component is enabled - type: boolean - labels: - additionalProperties: - type: string - description: 'Labels for the new resource created. Map of string - keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name of the V1 resource to migrate. It must be unique - within a namespace Note that the resource will be deleted once - the migration is complete Required if this component is enabled - type: string - namespace: - description: Namespace defines the space within each name must be - unique. An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this field - for those objects will be empty. - type: string - release: - description: ReleaseName for the helm release for the component. - It is optional for kafka and zookeeper release. 
- minLength: 1 - type: string - required: - - enabled - type: object - pullSecretRef: - items: - type: string - type: array - replicator: - description: ReplicatorMigrationJobSpec defines the desired state of - Replicator after migration - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations for the new resource created. Annotations - is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - configOverrides: - description: ConfigurationOverrides for the new resource created. - Takes precedence over configuration already present in old CR - properties: - jvm: - description: JVM defines a list of jvm configuration supported - by application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - enabled: - description: Indicates if Migration of this component is enabled - type: boolean - labels: - additionalProperties: - type: string - description: 'Labels for the new resource created. Map of string - keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name of the V1 resource to migrate. 
It must be unique - within a namespace Note that the resource will be deleted once - the migration is complete Required if this component is enabled - type: string - namespace: - description: Namespace defines the space within each name must be - unique. An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this field - for those objects will be empty. - type: string - release: - description: ReleaseName for the helm release for the component. - It is optional for kafka and zookeeper release. - minLength: 1 - type: string - required: - - enabled - type: object - schemaRegistry: - description: SchemaRegistryMigrationJobSpec defines the desired state - of SchemaRegistry after migration - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations for the new resource created. Annotations - is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - configOverrides: - description: ConfigurationOverrides for the new resource created. - Takes precedence over configuration already present in old CR - properties: - jvm: - description: JVM defines a list of jvm configuration supported - by application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported - by application. This will either add or update existing configuration. 
- items: - type: string - type: array - type: object - enabled: - description: Indicates if Migration of this component is enabled - type: boolean - labels: - additionalProperties: - type: string - description: 'Labels for the new resource created. Map of string - keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name of the V1 resource to migrate. It must be unique - within a namespace Note that the resource will be deleted once - the migration is complete Required if this component is enabled - type: string - namespace: - description: Namespace defines the space within each name must be - unique. An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this field - for those objects will be empty. - type: string - release: - description: ReleaseName for the helm release for the component. - It is optional for kafka and zookeeper release. - minLength: 1 - type: string - required: - - enabled - type: object - skipCleanup: - type: boolean - skipRollback: - type: boolean - zookeeper: - description: ZookeeperMigrationJobSpec defines the desired state of - Zookeeper after migration - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations for the new resource created. Annotations - is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - configOverrides: - description: ConfigurationOverrides for the new resource created. 
- Takes precedence over configuration already present in old CR - properties: - jvm: - description: JVM defines a list of jvm configuration supported - by application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - enabled: - description: Indicates if Migration of this component is enabled - type: boolean - labels: - additionalProperties: - type: string - description: 'Labels for the new resource created. Map of string - keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name of the V1 resource to migrate. It must be unique - within a namespace Note that the resource will be deleted once - the migration is complete Required if this component is enabled - type: string - namespace: - description: Namespace defines the space within each name must be - unique. An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this field - for those objects will be empty. - type: string - release: - description: ReleaseName for the helm release for the component. - It is optional for kafka and zookeeper release. 
- minLength: 1 - type: string - required: - - enabled - type: object - required: - - initContainerImage - type: object - status: - description: MigrationJobStatus defines the observed state of MigrationJob - properties: - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. - properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - connect: - description: CommonMigrationStatus defines spec common to different - migration resources - properties: - message: - type: string - phase: - type: string - required: - - message - - phase - type: object - controlcenter: - description: CommonMigrationStatus defines spec common to different - migration resources - properties: - message: - type: string - phase: - type: string - required: - - message - - phase - type: object - kafka: - description: CommonMigrationStatus defines spec common to different - migration resources - properties: - message: - type: string - phase: - type: string - required: - - message - - phase - type: object - ksqldb: - description: CommonMigrationStatus defines spec common to different - migration resources - properties: - message: - type: string - phase: - type: string - required: - - message - - phase - type: object - phase: - type: string - 
replicator: - description: CommonMigrationStatus defines spec common to different - migration resources - properties: - message: - type: string - phase: - type: string - required: - - message - - phase - type: object - schemaRegistry: - description: CommonMigrationStatus defines spec common to different - migration resources - properties: - message: - type: string - phase: - type: string - required: - - message - - phase - type: object - zookeeper: - description: CommonMigrationStatus defines spec common to different - migration resources - properties: - message: - type: string - phase: - type: string - required: - - message - - phase - type: object - required: - - phase - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/shared/crds/platform.confluent.io_schemaregistries.yaml b/kustomize/shared/crds/platform.confluent.io_schemaregistries.yaml deleted file mode 100644 index 5d5723a..0000000 --- a/kustomize/shared/crds/platform.confluent.io_schemaregistries.yaml +++ /dev/null 
@@ -1,2333 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: schemaregistries.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.replicas - name: Replicas - type: string - - JSONPath: .status.readyReplicas - name: Ready - type: string - - JSONPath: .status.phase - name: Status - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - - JSONPath: .status.kafka.bootstrapEndpoint - name: Kafka - priority: 1 - type: string - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: SchemaRegistry - listKind: SchemaRegistryList - plural: schemaregistries - shortNames: - - schemaregistry - - sr - singular: schemaregistry - preserveUnknownFields: false - scope: Namespaced - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - validation: - openAPIV3Schema: - description: SchemaRegistry is the Schema for the schemaregistries API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: SchemaRegistrySpec defines the desired state of SchemaRegistry - properties: - authentication: - description: Authentication defines the rest-endpoint configuration - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic credential - through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on the - server side only. Changes will be only reflected in ControlCenter - (C3). This configuration is ignored on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on the - server side only. This configuration is ignored on the client - side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme for Rest - Server - enum: - - basic - - mtls - type: string - required: - - type - type: object - authorization: - description: Authorization defines authorization configurations - properties: - kafkaRestClassRef: - description: KafkaRestClassRef defines the reference for KafkaRestClass - which defines Kafka Rest API - properties: - name: - description: Name defines the name of KafkaRestClass - minLength: 1 - type: string - namespace: - description: Namespace defines the namespace of the KafkaRestClass - type: string - required: - - name - type: object - type: - enum: - - rbac - type: string - required: - - type - type: object - configOverrides: - description: ConfigurationOverrides defines 
capability to override server/jvm/log4j - properties for each Confluent platform component. Change will roll - the cluster - properties: - jvm: - description: JVM defines a list of jvm configuration supported by - application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported by - application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - dependencies: - description: Dependencies defines all the dependencies service configuration - properties: - kafka: - description: Kafka defines kafka dependencies configuration - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mds: - description: MDSDependencies defines the RBAC dependencies configurations - properties: - authentication: - description: Authentication defines MDS authentication configuration - properties: - bearer: - description: BearerAuthentication defines bearer authentication - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines the authentication type support - for MDS - enum: - - bearer - type: string - required: - - bearer - - type - type: object - endpoint: - description: Endpoint defines the mds endpoint - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: ClientTLSConfig defines TLS configuration for CP - 
component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - tokenKeyPair: - description: TokenKeyPair defines the token keypair to configure - MDS - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - authentication - - endpoint - - tokenKeyPair - type: object - type: object - externalAccess: - description: ExternalAccess defines the external access configuration - properties: - ingress: - description: Ingress allows to create a ingress service Not implemented - yet! 
- properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user wishes - to exist. - properties: - backend: - description: A default backend capable of servicing requests - that don't match any rule. At least one of 'backend' or - 'rules' must be specified. This field is optional to allow - the loadbalancer controller or defaulting logic to specify - a global default. - properties: - resource: - description: Resource is an ObjectRef to another Kubernetes - resource in the namespace of the Ingress object. If - resource is specified, serviceName and servicePort - must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the IngressClass - cluster resource. The associated IngressClass defines - which controller will implement the resource. This replaces - the deprecated `kubernetes.io/ingress.class` annotation. - For backwards compatibility, when that annotation is set, - it must be given precedence over this field. The controller - may emit a warning if the field and annotation have different - values. 
Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource may - be marked as default, which can be used to set a default - value for this field. For more information, refer to the - IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure the - Ingress. If unspecified, or no rule matches, all traffic - is sent to the default backend. - items: - description: IngressRule represents the rules mapping - the paths under a specified host to the related backend - services. Incoming requests are first evaluated for - a host match, then routed to the backend associated - with the matching IngressRuleValue. - properties: - host: - description: "Host is the fully qualified domain name - of a network host, as defined by RFC 3986. Note - the following deviations from the \"host\" part - of the URI as defined in RFC 3986: 1. IPs are not - allowed. Currently an IngressRuleValue can only - apply to the IP in the Spec of the parent Ingress. - 2. The `:` delimiter is not respected because ports - are not allowed. \t Currently the port of an Ingress - is implicitly :80 for http and \t :443 for https. - Both these may change in the future. Incoming requests - are matched against the host before the IngressRuleValue. - If the host is unspecified, the Ingress routes all - traffic based on the specified IngressRuleValue. - \n Host can be \"precise\" which is a domain name - without the terminating dot of a network host (e.g. - \"foo.bar.com\") or \"wildcard\", which is a domain - name prefixed with a single wildcard label (e.g. - \"*.foo.com\"). The wildcard character '*' must - appear by itself as the first DNS label and matches - only a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests will - be matched against the Host field in the following - way: 1. If Host is precise, the request matches - this rule if the http host header is equal to Host. - 2. 
If Host is a wildcard, then the request matches - this rule if the http host header is to equal to - the suffix (removing the first label) of the wildcard - rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list of http - selectors pointing to backends. In the example: - http:///? -> backend where - where parts of the url correspond to RFC 3986, this - resource will be used to match against everything - after the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that map requests - to backends. - items: - description: HTTPIngressPath associates a path - with a backend. Incoming urls matching the - path are forwarded to the backend. - properties: - backend: - description: Backend defines the referenced - service endpoint to which the traffic - will be forwarded to. - properties: - resource: - description: Resource is an ObjectRef - to another Kubernetes resource in - the namespace of the Ingress object. - If resource is specified, serviceName - and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any other - third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the - referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the - referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against the - path of an incoming request. 
Currently - it can contain characters disallowed from - the conventional "path" part of a URL - as defined by RFC 3986. Paths must begin - with a '/'. When unspecified, all paths - from incoming requests are matched. - type: string - pathType: - description: 'PathType determines the interpretation - of the Path matching. PathType can be - one of the following values: * Exact: - Matches the URL path exactly. * Prefix: - Matches based on a URL path prefix split - by ''/''. Matching is done on a path - element by element basis. A path element - refers is the list of labels in the - path split by the ''/'' separator. A request - is a match for path p if every p is - an element-wise prefix of p of the request - path. Note that if the last element of - the path is a substring of the last - element in request path, it is not a match - (e.g. /foo/bar matches /foo/bar/baz, - but does not match /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching is - up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix or Exact - path types. Implementations are required - to support all path types. Defaults to - ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the Ingress only - supports a single TLS port, 443. If multiple members of - this list specify different hosts, they will be multiplexed - on the same port according to the hostname specified through - the SNI TLS extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport layer - security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included in - the TLS certificate. The values in this list must - match the name/s used in the tlsSecret. 
Defaults - to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret - used to terminate TLS traffic on port 443. Field - is left optional to allow TLS routing based on SNI - hostname alone. If the SNI host in a listener conflicts - with the "Host" header field used by an IngressRule, - the SNI host is used for termination and value of - the Host header is used for routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes load balancer - service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type load balancer - type: object - domain: - description: Domain allows to configure domain name for the - cluster. - minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring source - range - items: - type: string - type: array - port: - description: Port allows to configure external port for client - consumption If not configured, same internal/external port - will be configured per component Information about the port - can be retrieved through status API - format: int32 - type: integer - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. 
- properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. Usually - assigned by the system. If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). 
This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port offset - to be used and will go in the increasing order with respect - to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. 
- type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. Usually - assigned by the system. If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for OpenShift - Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the OpenShift - service type route - type: object - domain: - description: Domain allows to configure domain name for the - cluster. 
- minLength: 1 - type: string - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. It defaults - to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - type: - description: Type defines supported kubernetes external services - enum: - - loadBalancer - - nodePort - - route - minLength: 1 - type: string - required: - - type - type: object - image: - description: Image defines application and init docker image configuration. - Change will roll the cluster - properties: - application: - description: Application defines application docker image name - pattern: .+:.+ - type: string - init: - description: Init defines init-container name - pattern: .+:.+ - type: string - pullSecretRef: - description: 'ImagePullSecrets is a list of references to secrets - in the same namespace to use for pulling any images in pods that - reference this ServiceAccount. ImagePullSecrets are distinct from - Secrets because Secrets can be mounted in the pod, but ImagePullSecrets - are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' - items: - type: string - type: array - required: - - application - - init - type: object - injectAnnotations: - additionalProperties: - type: string - description: InjectAnnotations annotations are injected to all the internal - resources created by Operator. All the internal annotations is preserved - and forbidden to override. For pod annotations, use podTemplate.annotations - type: object - injectLabels: - additionalProperties: - type: string - description: InjectLabels labels are injected to all the internal resources - created by Operator. 
All the internal labels is preserved and forbidden - to override. For pod labels, use podTemplate.labels - type: object - internalTopicReplicatorFactor: - format: int32 - minimum: 1 - type: integer - k8sClusterDomain: - description: K8SClusterDomain defines configuring kubernetes cluster - domain if required. If this setting is not configured it will default - to cluster.local domain. - type: string - license: - description: License defines license configuration for Confluent platform - component - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where license key is mounted. More information about - the usage be found in Confluent Operator document. - minLength: 1 - type: string - globalLicense: - description: GlobalLicense specifies whether operator pod license - will be used for this component If enabled then Confluent platform - component shares Confluent Operator license. - type: boolean - secretRef: - description: SecretRef is secret reference which provides license - for CP component More information about the license key struct - can be found in Confluent Operator document. 
- maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - metrics: - description: Metrics specifies the security settings for metric services - properties: - authentication: - description: Metrics security authentication - properties: - type: - enum: - - mtls - type: string - required: - - type - type: object - prometheus: - description: Override for jmx-prometheus exporter configs - properties: - blacklist: - items: - type: string - type: array - rules: - items: - description: Prometheus exporter rule override - properties: - attrNameSnakeCase: - minLength: 1 - type: string - cache: - minLength: 1 - type: string - help: - minLength: 1 - type: string - labels: - additionalProperties: - type: string - type: object - name: - minLength: 1 - type: string - pattern: - minLength: 1 - type: string - type: - minLength: 1 - type: string - value: - minLength: 1 - type: string - valueFactor: - minLength: 1 - type: string - type: object - type: array - whitelist: - items: - type: string - type: array - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP component - (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mountedSecrets: - description: MountedSecrets defines list of secrets reference injected - to the the underlying statefulset configuration. The secret reference - is mounted secret mounted in default path /mnt/secrets/. - The underlying resources will follow the secret as a file configuration - as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod - Change will roll the cluster - items: - description: MountedSecrets allows provides a way to inject custom - secret to underlying statefulset. - properties: - keyItems: - description: keyItems is list of key and path names - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. 
- type: string - mode: - description: 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, the volume - defaultMode will be used. This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the key - to. May not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - secretRef: - description: SecretRef defines the secret name referenced - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - type: array - oneReplicaPerNode: - description: OneReplicaPerNode enforces to run 1 pod per node through - pod anti-affinity capability. Enabling this configuration in existing - cluster will roll. Change will roll the cluster - type: boolean - podTemplate: - description: PodTemplate defines some statefulset pod template configuration - properties: - affinity: - description: 'Affinity is a group of affinity scheduling rules. - More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. 
for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - matches the corresponding matchExpressions; the node(s) - with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. - The TopologySelectorTerm type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are - intersected, i.e. all terms must be satisfied. 
- items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. 
- type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the - sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. 
- type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met at - some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - description: 'Annotations defines an unstructured key value map - stored with a resource that may be set by external tools to store - and retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - envVars: - description: 'EnvVars defines the collection of EnvVar to inject - into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. 
- type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - labels: - additionalProperties: - type: string - description: 'Labels defines map of string keys and values that - can be used to organize and categorize (scope and select) objects. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - podSecurityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in - container.securityContext. 
Field values of container.securityContext - take precedence over field values of PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit - is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions - of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will - have no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for - that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to - start the container if it does. If unset or false, no such - validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. 
Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. 
If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - priorityClassName: - description: PriorityClassName defines priority class for the pod - (if any). - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - probe: - description: Probe defines some fields of standard kubernetes readiness/liveness - probe configuration. - properties: - liveness: - description: Liveness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. 
- CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - readiness: - description: Readiness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - type: object - resources: - description: ResourceRequirements describes the compute resource - requirements. 
- properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - terminationGracePeriodSeconds: - description: TerminationGracePeriodSeconds defines grace period - for pod deletion - format: int64 - type: integer - tolerations: - description: Tolerations defines The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator . - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using the - matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. 
- type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do - not evict). Zero and negative values will be treated as - 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - replicas: - description: Replicas is the desired number of replicas of the given - Template. Change will roll the cluster - format: int32 - type: integer - storageClass: - description: Storage defines - properties: - name: - description: Name defines name is the storage class reference name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - telemetry: - description: ConfluentTelemetry defines the confluent telemetry reporter - configuration - properties: - global: - description: Global will allow disabling telemetry configuration. - If Operator is deployed with telemetry, this field is only is - used to disabled. By default the value is true if telemetry is - enabled in global level. 
- type: boolean - type: object - tls: - description: TLS defines tls configuration for rest-endpoint - properties: - autoGeneratedCerts: - description: AutoGenerated if configures generates the certificates - based on the CA key pair provided. - type: boolean - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where keystore/truststore.jks/jksPassword.txt keys - are mounted. CP will not configure truststore.jks can be ignored - with IgnoreTrustStoreConfig field - minLength: 1 - type: string - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the truststore - configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced for - jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced for - jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for certificates - More information about certificates key/value format can be found - in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - image - - replicas - type: object - status: - description: SchemaRegistryStatus defines the observed state of SchemaRegistry - properties: - authorizationType: - type: string - clusterName: - description: ClusterName defines the name of the cluster - type: string - clusterNamespace: - description: ClusterNamespace provides the namespace where cluster is - running - type: string - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. 
- properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - currentReplicas: - description: CurrentReplicas defines current running replicas - format: int32 - type: integer - groupId: - type: string - internalSecrets: - description: InternalSecrets defines the list of internal secrets created - by Operator for each CP component. 
- items: - type: string - type: array - internalTopicNames: - description: InternalTopicNames is a list of topics used by the component - for internal use - items: - type: string - type: array - kafka: - description: KafkaClientInfoStatus defines the kafka client side status - for all CP component - properties: - authenticationType: - description: AuthenticationType defines the authentication type - for kafka - type: string - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - type: string - tls: - description: TLS defines if tls is enabled for kafka dependency - type: boolean - type: object - metricPrefix: - type: string - operatorVersion: - description: OperatorVersion defines the internal version of operator - type: string - phase: - description: Phase defines the state of the CP component - type: string - rbac: - description: RBACInfoStatus defines RBAC related status when RBAC is - enabled - properties: - clusterId: - description: ClusterId defines the id of cluster - type: string - internalRolebindings: - description: RolebindingState defines the state of internal rolebindings - items: - type: string - type: array - type: object - readyReplicas: - description: ReadyReplicas defines current ready replicas - format: int32 - type: integer - replicas: - description: Replicas defines replicas - format: int32 - type: integer - restConfig: - description: ListenerStatus describes general information about a listeners - properties: - advertisedExternalEndpoints: - description: AdvertisedExternalEndpoints defines other advertised - endpoints, especially use for kafka - items: - type: string - type: array - authenticationType: - description: AuthenticationType defines authentication type configured - by a listener - type: string - externalEndpoint: - description: ExternalEndpoint defines the external endpoint to connect - to the service - type: string - internalEndpoint: - description: InternalEndpoint defines the internal endpoint 
to connect - to the service - type: string - tls: - description: TLS defines whether tls is configured by a listener - type: boolean - type: object - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/shared/crds/platform.confluent.io_zookeepers.yaml b/kustomize/shared/crds/platform.confluent.io_zookeepers.yaml deleted file mode 100644 index e8c7c7b..0000000 --- a/kustomize/shared/crds/platform.confluent.io_zookeepers.yaml +++ /dev/null 
@@ -1,1551 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: zookeepers.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.replicas - name: Replicas - type: string - - JSONPath: .status.readyReplicas - name: Ready - type: string - - JSONPath: .status.phase - name: Status - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - - JSONPath: .status.endpoint - name: Endpoint - priority: 1 - type: string - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: Zookeeper - listKind: ZookeeperList - plural: zookeepers - shortNames: - - zookeeper - - zk - singular: zookeeper - preserveUnknownFields: false - scope: Namespaced - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - validation: - openAPIV3Schema: - description: Zookeeper is the Schema for the zookeepers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ZookeeperSpec defines the desired state of Confluent Platform - (CP) component, Zookeeper - properties: - authentication: - description: Authentication defines support authentication configuration - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass required - credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced for - authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - principalMappingRules: - items: - type: string - type: array - type: - description: Type defines supported kafka authentication types - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - configOverrides: - description: ConfigurationOverrides defines capability to override server/jvm/log4j - properties for each Confluent platform component. Change will roll - the cluster - properties: - jvm: - description: JVM defines a list of jvm configuration supported by - application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. 
- items: - type: string - type: array - server: - description: server is list of server configuration supported by - application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - dataVolumeCapacity: - anyOf: - - type: integer - - type: string - description: DataVolumeCapacity defines the data volume size - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - image: - description: Image defines application and init docker image configuration. - Change will roll the cluster - properties: - application: - description: Application defines application docker image name - pattern: .+:.+ - type: string - init: - description: Init defines init-container name - pattern: .+:.+ - type: string - pullSecretRef: - description: 'ImagePullSecrets is a list of references to secrets - in the same namespace to use for pulling any images in pods that - reference this ServiceAccount. ImagePullSecrets are distinct from - Secrets because Secrets can be mounted in the pod, but ImagePullSecrets - are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' - items: - type: string - type: array - required: - - application - - init - type: object - injectAnnotations: - additionalProperties: - type: string - description: InjectAnnotations annotations are injected to all the internal - resources created by Operator. All the internal annotations is preserved - and forbidden to override. For pod annotations, use podTemplate.annotations - type: object - injectLabels: - additionalProperties: - type: string - description: InjectLabels labels are injected to all the internal resources - created by Operator. All the internal labels is preserved and forbidden - to override. 
For pod labels, use podTemplate.labels - type: object - k8sClusterDomain: - description: K8SClusterDomain defines configuring kubernetes cluster - domain if required. If this setting is not configured it will default - to cluster.local domain. - type: string - license: - description: License defines license configuration for Confluent platform - component - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where license key is mounted. More information about - the usage be found in Confluent Operator document. - minLength: 1 - type: string - globalLicense: - description: GlobalLicense specifies whether operator pod license - will be used for this component If enabled then Confluent platform - component shares Confluent Operator license. - type: boolean - secretRef: - description: SecretRef is secret reference which provides license - for CP component More information about the license key struct - can be found in Confluent Operator document. 
- maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - logVolumeCapacity: - anyOf: - - type: integer - - type: string - description: LogVolumeCapacity defines the log volume size - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - metrics: - description: Metrics specifies the security settings for metric services - properties: - authentication: - description: Metrics security authentication - properties: - type: - enum: - - mtls - type: string - required: - - type - type: object - prometheus: - description: Override for jmx-prometheus exporter configs - properties: - blacklist: - items: - type: string - type: array - rules: - items: - description: Prometheus exporter rule override - properties: - attrNameSnakeCase: - minLength: 1 - type: string - cache: - minLength: 1 - type: string - help: - minLength: 1 - type: string - labels: - additionalProperties: - type: string - type: object - name: - minLength: 1 - type: string - pattern: - minLength: 1 - type: string - type: - minLength: 1 - type: string - value: - minLength: 1 - type: string - valueFactor: - minLength: 1 - type: string - type: object - type: array - whitelist: - items: - type: string - type: array - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP component - (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mountedSecrets: - description: MountedSecrets defines list of secrets reference injected - to the the underlying statefulset configuration. The secret reference - is mounted secret mounted in default path /mnt/secrets/. - The underlying resources will follow the secret as a file configuration - as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod - Change will roll the cluster - items: - description: MountedSecrets allows provides a way to inject custom - secret to underlying statefulset. - properties: - keyItems: - description: keyItems is list of key and path names - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. 
- type: string - mode: - description: 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, the volume - defaultMode will be used. This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the key - to. May not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - secretRef: - description: SecretRef defines the secret name referenced - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - type: array - oneReplicaPerNode: - description: OneReplicaPerNode enforces to run 1 pod per node through - pod anti-affinity capability. Enabling this configuration in existing - cluster will roll. Change will roll the cluster - type: boolean - podTemplate: - description: PodTemplate defines some statefulset pod template configuration - properties: - affinity: - description: 'Affinity is a group of affinity scheduling rules. - More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. 
for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - matches the corresponding matchExpressions; the node(s) - with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. - The TopologySelectorTerm type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are - intersected, i.e. all terms must be satisfied. 
- items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. 
- type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the - sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. 
- type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met at - some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - description: 'Annotations defines an unstructured key value map - stored with a resource that may be set by external tools to store - and retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - envVars: - description: 'EnvVars defines the collection of EnvVar to inject - into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. 
- type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - labels: - additionalProperties: - type: string - description: 'Labels defines map of string keys and values that - can be used to organize and categorize (scope and select) objects. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - podSecurityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in - container.securityContext. 
Field values of container.securityContext - take precedence over field values of PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit - is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions - of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will - have no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for - that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to - start the container if it does. If unset or false, no such - validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. 
Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. 
If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - priorityClassName: - description: PriorityClassName defines priority class for the pod - (if any). - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - probe: - description: Probe defines some fields of standard kubernetes readiness/liveness - probe configuration. - properties: - liveness: - description: Liveness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. 
- CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - readiness: - description: Readiness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - type: object - resources: - description: ResourceRequirements describes the compute resource - requirements. 
- properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - terminationGracePeriodSeconds: - description: TerminationGracePeriodSeconds defines grace period - for pod deletion - format: int64 - type: integer - tolerations: - description: Tolerations defines The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator . - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using the - matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. 
- type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do - not evict). Zero and negative values will be treated as - 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - replicas: - description: Replicas is the desired number of replicas of the given - Template. Change will roll the cluster - format: int32 - type: integer - storageClass: - description: StorageClass defines the user provided storage class. If - not configured, it will use default storage class. - properties: - name: - description: Name defines name is the storage class reference name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLS defines TLS setting - properties: - autoGeneratedCerts: - description: AutoGenerated if configures generates the certificates - based on the CA key pair provided. 
- type: boolean - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where keystore/truststore.jks/jksPassword.txt keys - are mounted. CP will not configure truststore.jks can be ignored - with IgnoreTrustStoreConfig field - minLength: 1 - type: string - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the truststore - configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced for - jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced for - jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for certificates - More information about certificates key/value format can be found - in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - dataVolumeCapacity - - image - - logVolumeCapacity - - replicas - type: object - status: - description: ZookeeperStatus defines the observed state of Zookeeper - properties: - authenticationType: - type: string - authorizationType: - type: string - clusterName: - description: ClusterName defines the name of the cluster - type: string - clusterNamespace: - description: ClusterNamespace provides the namespace where cluster is - running - type: string - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. - properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. 
- format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - currentReplicas: - description: CurrentReplicas defines current running replicas - format: int32 - type: integer - endpoint: - type: string - internalSecrets: - description: InternalSecrets defines the list of internal secrets created - by Operator for each CP component. - items: - type: string - type: array - internalTopicNames: - description: InternalTopicNames is a list of topics used by the component - for internal use - items: - type: string - type: array - operatorVersion: - description: OperatorVersion defines the internal version of operator - type: string - phase: - description: Phase defines the state of the CP component - type: string - readyReplicas: - description: ReadyReplicas defines current ready replicas - format: int32 - type: integer - replicas: - description: Replicas defines replicas - format: int32 - type: integer - tls: - type: boolean - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/shared/kustomization.yaml b/kustomize/shared/kustomization.yaml index 10733bf..c723bff 100644 --- a/kustomize/shared/kustomization.yaml +++ b/kustomize/shared/kustomization.yaml 
@@ -1,5 +1,11 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+namespace: tools
 resources:
- - crds
- - tools
\ No newline at end of file
+ - namespace.yaml
+ - proxy.yaml
+ - ldap.yaml
+ - confluent-operator-credentials.yaml
+ - confluent-operator-helm-release-dev.yaml
+ - confluent-operator-helm-release-staging.yaml
+ - confluent-operator-helm-release-production.yaml
diff --git a/kustomize/shared/tools/ldap.yaml b/kustomize/shared/ldap.yaml
similarity index 100%
rename from kustomize/shared/tools/ldap.yaml
rename to kustomize/shared/ldap.yaml
diff --git a/kustomize/shared/tools/namespace.yaml b/kustomize/shared/namespace.yaml
similarity index 100%
rename from kustomize/shared/tools/namespace.yaml
rename to kustomize/shared/namespace.yaml
diff --git a/kustomize/shared/tools/proxy.yaml b/kustomize/shared/proxy.yaml
similarity index 100%
rename from kustomize/shared/tools/proxy.yaml
rename to kustomize/shared/proxy.yaml
diff --git a/kustomize/shared/tools/kustomization.yaml b/kustomize/shared/tools/kustomization.yaml
deleted file mode 100644
index 77254c3..0000000
--- a/kustomize/shared/tools/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: tools
-resources:
- - namespace.yaml
- - proxy.yaml
- - ldap.yaml
- - confluent-operator-credentials.yaml
- - confluent-operator-helm-release.yaml
\ No newline at end of file
From 7dde5bcb44d21052f23443bbf9100c0a5bf12896 Mon Sep 17 00:00:00 2001
From: Andrew McCully
Date: Tue, 18 May 2021 15:36:06 +0100
Subject: [PATCH 30/46] debug
---
 .../shared/confluent-operator-helm-release-production.yaml | 2 +-
 kustomize/shared/confluent-operator-helm-release-staging.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/kustomize/shared/confluent-operator-helm-release-production.yaml b/kustomize/shared/confluent-operator-helm-release-production.yaml
index 76b31ec..6528066 100644
--- a/kustomize/shared/confluent-operator-helm-release-production.yaml
+++ b/kustomize/shared/confluent-operator-helm-release-production.yaml
@@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
 name: confluent
- namespace: dev
+ namespace: production
 spec:
 interval: 1m
 chart:
diff --git a/kustomize/shared/confluent-operator-helm-release-staging.yaml b/kustomize/shared/confluent-operator-helm-release-staging.yaml
index 76b31ec..a26230c 100644
--- a/kustomize/shared/confluent-operator-helm-release-staging.yaml
+++ b/kustomize/shared/confluent-operator-helm-release-staging.yaml
@@ -2,7 +2,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
 name: confluent
- namespace: dev
+ namespace: staging
 spec:
 interval: 1m
 chart:
From 6a41faea4e7f9fce495043511e2f69858b83b37e Mon Sep 17 00:00:00 2001
From: Andrew McCully
Date: Tue, 18 May 2021 15:38:28 +0100
Subject: [PATCH 31/46] deubg
---
 kustomize/shared/kustomization.yaml | 1 -
 kustomize/shared/proxy.yaml | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/kustomize/shared/kustomization.yaml b/kustomize/shared/kustomization.yaml
index c723bff..0aa4abd 100644
--- a/kustomize/shared/kustomization.yaml
+++ b/kustomize/shared/kustomization.yaml
@@ -1,6 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: tools
 resources:
 - namespace.yaml
 - proxy.yaml
diff --git a/kustomize/shared/proxy.yaml b/kustomize/shared/proxy.yaml
index 050f6f8..5f39f80 100644
--- a/kustomize/shared/proxy.yaml
+++ b/kustomize/shared/proxy.yaml
@@ -2,6 +2,7 @@ apiVersion: v1
 kind: Pod
 metadata:
 name: proxy
+ namespace: tools
 labels:
 role: proxy
 spec:
From 37161c3b4f7a3f1f51bebb4f82f21f0b2cbe7e92 Mon Sep 17 00:00:00 2001
From: Andrew McCully
Date: Tue, 18 May 2021 15:40:25 +0100
Subject: [PATCH 32/46] debug
---
 kustomize/apps.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
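Review bot: In PATCH 31 the `namespace: tools` transformer is removed from kustomize/shared/kustomization.yaml, but only proxy.yaml gains an explicit `namespace: tools` in the same commit. ldap.yaml and confluent-operator-credentials.yaml were previously placed by that transformer and are not touched here, so unless they already set `metadata.namespace` they will presumably be applied to whatever default namespace the applier uses. For an LDAP pod and a credentials object that means they can end up outside the namespace whose RBAC and network rules were written for them. Set `metadata.namespace` explicitly on every namespaced manifest listed under `resources:`.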
diff --git a/kustomize/apps.yaml b/kustomize/apps.yaml
index 5a2f411..4fb52a1 100644
--- a/kustomize/apps.yaml
+++ b/kustomize/apps.yaml
@@ -5,8 +5,8 @@ metadata:
 namespace: flux-system
 spec:
 interval: 1m
-# dependsOn:
-# - name: infrastucture
+ dependsOn:
+ - name: shared
 sourceRef:
 kind: GitRepository
 name: flux-system
From 2c2dc856e306ab2dec81cc6b7c2dad3966a054bc Mon Sep 17 00:00:00 2001
From: Andrew McCully
Date: Tue, 18 May 2021 15:46:50 +0100
Subject: [PATCH 33/46] debug
---
 kustomize/apps.yaml | 15 ---------------
 kustomize/infrastucture.yaml | 17 -----------------
 kustomize/kustomization.yaml | 3 +++
 3 files changed, 3 insertions(+), 32 deletions(-)
 delete mode 100644 kustomize/apps.yaml
 delete mode 100644 kustomize/infrastucture.yaml
 create mode 100644 kustomize/kustomization.yaml
diff --git a/kustomize/apps.yaml b/kustomize/apps.yaml
deleted file mode 100644
index 4fb52a1..0000000
--- a/kustomize/apps.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
-kind: Kustomization
-metadata:
- name: environments
- namespace: flux-system
-spec:
- interval: 1m
- dependsOn:
- - name: shared
- sourceRef:
- kind: GitRepository
- name: flux-system
- prune: true
- path: ./environments
- validation: client
diff --git a/kustomize/infrastucture.yaml b/kustomize/infrastucture.yaml
deleted file mode 100644
index 713a150..0000000
--- a/kustomize/infrastucture.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
-kind: Kustomization
-metadata:
- name: shared
- namespace: flux-system
-spec:
- interval: 1m
- sourceRef:
- kind: GitRepository
- name: flux-system
- namespace: flux-system
- healthChecks:
- - kind: Pod
- name: ldap
- namespace: tools
- path: ./shared
- prune: true
diff --git a/kustomize/kustomization.yaml b/kustomize/kustomization.yaml
new file mode 100644
index 0000000..ab54b74
--- /dev/null
+++ b/kustomize/kustomization.yaml
@@ -0,0 +1,3 @@
+resources:
+- shared
+
From da0796dd32b4da7f0823a1b2a42bb115fd096e44 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Tue, 18 May 2021 15:51:00 +0100 Subject: [PATCH 34/46] adding envs --- kustomize/kustomization.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/kustomize/kustomization.yaml b/kustomize/kustomization.yaml index ab54b74..18bf202 100644 --- a/kustomize/kustomization.yaml +++ b/kustomize/kustomization.yaml @@ -1,3 +1,4 @@ resources: - shared +- environments From 73d12e9247cf0fd1cf471c510e7aa983975885d6 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Tue, 18 May 2021 15:56:53 +0100 Subject: [PATCH 35/46] getting rid of prefix --- kustomize/environments/dev/kustomization.yaml | 1 - kustomize/environments/production/kustomization.yaml | 1 - kustomize/environments/staging/kustomization.yaml | 1 - 3 files changed, 3 deletions(-) diff --git a/kustomize/environments/dev/kustomization.yaml b/kustomize/environments/dev/kustomization.yaml index 445fe96..eff2f03 100644 --- a/kustomize/environments/dev/kustomization.yaml +++ b/kustomize/environments/dev/kustomization.yaml @@ -1,5 +1,4 @@ resources: - namespace.yaml - ../../base -namePrefix: dev- namespace: dev diff --git a/kustomize/environments/production/kustomization.yaml b/kustomize/environments/production/kustomization.yaml index 177fa1d..9927ffc 100644 --- a/kustomize/environments/production/kustomization.yaml +++ b/kustomize/environments/production/kustomization.yaml @@ -1,5 +1,4 @@ resources: - namespace.yaml - ../../base -namePrefix: prod- namespace: production diff --git a/kustomize/environments/staging/kustomization.yaml b/kustomize/environments/staging/kustomization.yaml index 58fd280..8efa5b0 100644 --- a/kustomize/environments/staging/kustomization.yaml +++ b/kustomize/environments/staging/kustomization.yaml @@ -1,5 +1,4 @@ resources: - namespace.yaml - ../../base -namePrefix: staging- namespace: staging From 646e93ad800eeecea63ea87c0bffbd422d8924dd Mon Sep 17 00:00:00 2001 
From: Andrew McCully Date: Tue, 18 May 2021 16:07:06 +0100 Subject: [PATCH 36/46] updating --- kustom.yaml | 32 ++++++++++++++++++++++++++++++++ kustomize/kustomization.yaml | 2 +- 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 kustom.yaml diff --git a/kustom.yaml b/kustom.yaml new file mode 100644 index 0000000..283e1ef --- /dev/null +++ b/kustom.yaml @@ -0,0 +1,32 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 +kind: Kustomization +metadata: + name: shared + namespace: flux-system +spec: + interval: 5m + path: "./shared" + prune: true + sourceRef: + kind: GitRepository + name: flux-system + healthChecks: + - apiVersion: apps/v1 + kind: Deployment + name: cert-manager + namespace: cert-manager +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 +kind: Kustomization +metadata: + name: certs + namespace: flux-system +spec: + dependsOn: + - name: shared + interval: 5m + path: "./environments" + prune: true + sourceRef: + kind: GitRepository + name: flux-system \ No newline at end of file diff --git a/kustomize/kustomization.yaml b/kustomize/kustomization.yaml index 18bf202..609d5bb 100644 --- a/kustomize/kustomization.yaml +++ b/kustomize/kustomization.yaml @@ -1,4 +1,4 @@ resources: - shared -- environments +#- environments From ef47464889f91128b4cd917e4f035df54f35afa6 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Tue, 18 May 2021 16:09:31 +0100 Subject: [PATCH 37/46] debug --- kustomization.yaml | 4 ++++ kustomize/kustomization.yaml | 36 ++++++++++++++++++++++++++++++++---- 2 files changed, 36 insertions(+), 4 deletions(-) create mode 100644 kustomization.yaml diff --git a/kustomization.yaml b/kustomization.yaml new file mode 100644 index 0000000..609d5bb --- /dev/null +++ b/kustomization.yaml @@ -0,0 +1,4 @@ +resources: +- shared +#- environments + diff --git a/kustomize/kustomization.yaml b/kustomize/kustomization.yaml index 609d5bb..81371dd 100644 --- a/kustomize/kustomization.yaml +++ b/kustomize/kustomization.yaml 
@@ -1,4 +1,32 @@
-resources:
-- shared
-#- environments
-
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+ name: shared
+ namespace: flux-system
+spec:
+ interval: 5m
+ path: "./shared"
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ healthChecks:
+ - apiVersion: apps/v1
+ kind: Deployment
+ name: confluent-operator
+ namespace: dev
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+ name: certs
+ namespace: flux-system
+spec:
+ dependsOn:
+ - name: shared
+ interval: 5m
+ path: "./environments"
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
\ No newline at end of file
From 10e2dff9468cc03199b381d247f99e858375d579 Mon Sep 17 00:00:00 2001
From: Andrew McCully
Date: Tue, 18 May 2021 16:13:19 +0100
Subject: [PATCH 38/46] updating sync
---
 kustomize/flux-system/gotk-sync.yaml | 41 +++++++++++++++++++++++++---
 kustomize/kustomization.yaml | 2 +-
 2 files changed, 38 insertions(+), 5 deletions(-)
diff --git a/kustomize/flux-system/gotk-sync.yaml b/kustomize/flux-system/gotk-sync.yaml
index 3a01dc1..7df9116 100644
--- a/kustomize/flux-system/gotk-sync.yaml
+++ b/kustomize/flux-system/gotk-sync.yaml
@@ -11,17 +11,50 @@ spec:
 secretRef:
 name: flux-system
 url: ssh://git@github.com/mccullya/kafka-gitops
+#---
+#apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+#kind: Kustomization
+#metadata:
+# name: flux-system
+# namespace: flux-system
+#spec:
+# interval: 10m0s
+# path: ./kustomize
+# prune: true
+# sourceRef:
+# kind: GitRepository
+# name: flux-system
+# validation: client
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
 kind: Kustomization
 metadata:
- name: flux-system
+ name: shared
 namespace: flux-system
 spec:
- interval: 10m0s
- path: ./kustomize
+ interval: 5m
+ path: ../shared
 prune: true
 sourceRef:
 kind: GitRepository
 name: flux-system
- validation: client
+ healthChecks:
+ - apiVersion: apps/v1
+ kind: Deployment
+ name: confluent-operator
+ namespace: dev
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+ name: environments
+ namespace: flux-system
+spec:
+ dependsOn:
+ - name: shared
+ interval: 5m
+ path: ../environments
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
\ No newline at end of file
diff --git a/kustomize/kustomization.yaml b/kustomize/kustomization.yaml
index 81371dd..c95acb1 100644
--- a/kustomize/kustomization.yaml
+++ b/kustomize/kustomization.yaml
@@ -19,7 +19,7 @@ spec:
 apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
 kind: Kustomization
 metadata:
- name: certs
+ name: environments
 namespace: flux-system
 spec:
 dependsOn:
From 567f69debae3eae09cc5a6bd19d6ab7263c8b21a Mon Sep 17 00:00:00 2001
From: Andrew McCully
Date: Tue, 18 May 2021 16:14:51 +0100
Subject: [PATCH 39/46] Revert "updating sync"
This reverts commit 10e2dff9468cc03199b381d247f99e858375d579.
---
 kustomize/flux-system/gotk-sync.yaml | 41 +++-------------------------
 kustomize/kustomization.yaml | 2 +-
 2 files changed, 5 insertions(+), 38 deletions(-)
diff --git a/kustomize/flux-system/gotk-sync.yaml b/kustomize/flux-system/gotk-sync.yaml
index 7df9116..3a01dc1 100644
--- a/kustomize/flux-system/gotk-sync.yaml
+++ b/kustomize/flux-system/gotk-sync.yaml
@@ -11,50 +11,17 @@ spec:
 secretRef:
 name: flux-system
 url: ssh://git@github.com/mccullya/kafka-gitops
-#---
-#apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
-#kind: Kustomization
-#metadata:
-# name: flux-system
-# namespace: flux-system
-#spec:
-# interval: 10m0s
-# path: ./kustomize
-# prune: true
-# sourceRef:
-# kind: GitRepository
-# name: flux-system
-# validation: client
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
 kind: Kustomization
 metadata:
- name: shared
+ name: flux-system
 namespace: flux-system
 spec:
- interval: 5m
- path: ../shared
+ interval: 10m0s
+ path: ./kustomize
 prune: true
 sourceRef:
 kind: GitRepository
 name: flux-system
- healthChecks:
- - apiVersion: apps/v1
- kind: Deployment
- name: confluent-operator
- namespace: dev
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
-kind: Kustomization
-metadata:
- name: environments
- namespace: flux-system
-spec:
- dependsOn:
- - name: shared
- interval: 5m
- path: ../environments
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
\ No newline at end of file
+ validation: client
diff --git a/kustomize/kustomization.yaml b/kustomize/kustomization.yaml
index c95acb1..81371dd 100644
--- a/kustomize/kustomization.yaml
+++ b/kustomize/kustomization.yaml
@@ -19,7 +19,7 @@ spec:
 apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
 kind: Kustomization
 metadata:
- name: environments
+ name: certs
 namespace: flux-system
 spec:
 dependsOn:
From 3542d725a8cac5d175739dfc854bc1f5c2788f24 Mon Sep 17 00:00:00 2001
From: Andrew McCully
Date: Tue, 18 May 2021 16:16:29 +0100
Subject: [PATCH 40/46] debug
---
 kustomize/environments.yaml | 14 ++++++++++++++
 kustomize/{kustomization.yaml => shared.yaml} | 17 +----------------
 2 files changed, 15 insertions(+), 16 deletions(-)
 create mode 100644 kustomize/environments.yaml
 rename kustomize/{kustomization.yaml => shared.yaml} (52%)
diff --git a/kustomize/environments.yaml b/kustomize/environments.yaml
new file mode 100644
index 0000000..d12be33
--- /dev/null
+++ b/kustomize/environments.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+ name: environments
+ namespace: flux-system
+spec:
+ dependsOn:
+ - name: shared
+ interval: 5m
+ path: "./environments"
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
\ No newline at end of file
diff --git a/kustomize/kustomization.yaml b/kustomize/shared.yaml
similarity index 52%
rename from kustomize/kustomization.yaml
rename to kustomize/shared.yaml
index 81371dd..2b09b3b 100644
--- a/kustomize/kustomization.yaml
+++ b/kustomize/shared.yaml
@@ -14,19 +14,4 @@ spec:
 - apiVersion: apps/v1
 kind: Deployment
 name: confluent-operator
- namespace: dev
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
-kind: Kustomization
-metadata:
- name: certs
- namespace: flux-system
-spec:
- dependsOn:
- - name: shared
- interval: 5m
- path: "./environments"
- prune: true
- sourceRef:
- kind: GitRepository
- name: flux-system
\ No newline at end of file
+ namespace: dev
\ No newline at end of file
From c59402bc241ce4d58165d1b47fc943b8a86c8d20 Mon Sep 17 00:00:00 2001
From: Andrew McCully
Date: Tue, 18 May 2021 16:29:06 +0100
Subject: [PATCH 41/46] adding helm release dpeendency
---
 kustomize/environments.yaml | 2 +-
 kustomize/shared.yaml | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/kustomize/environments.yaml b/kustomize/environments.yaml
index d12be33..cdbd271 100644
--- a/kustomize/environments.yaml
+++ b/kustomize/environments.yaml
@@ -7,7 +7,7 @@ spec:
 dependsOn:
 - name: shared
 interval: 5m
- path: "./environments"
+ path: ./environments
 prune: true
 sourceRef:
 kind: GitRepository
diff --git a/kustomize/shared.yaml b/kustomize/shared.yaml
index 2b09b3b..6cc2ea9 100644
--- a/kustomize/shared.yaml
+++ b/kustomize/shared.yaml
@@ -5,13 +5,13 @@ metadata:
 namespace: flux-system
 spec:
 interval: 5m
- path: "./shared"
+ path: ./shared
 prune: true
 sourceRef:
 kind: GitRepository
 name: flux-system
 healthChecks:
- - apiVersion: apps/v1
- kind: Deployment
- name: confluent-operator
+ - apiVersion: helm.toolkit.fluxcd.io/v1beta1
+ kind: HelmRelease
+ name: confluent
 namespace: dev
\ No newline at end of file
From 1f242f8f8a5a0a5111da20c27f1d40ed80f5d467 Mon Sep 17 00:00:00 2001
From: Andrew McCully
Date: Wed, 19 May 2021 10:51:50 +0100
Subject: [PATCH 42/46] debug
---
 kustomize/{shared.yaml => infrastructure.yaml} | 0
 .../confluent-operator-credentials.yaml | 0
 .../confluent-operator-helm-release-dev.yaml | 0
 .../confluent-operator-helm-release-production.yaml | 0
 .../confluent-operator-helm-release-staging.yaml | 0
 kustomize/{shared => infrastructure}/kustomization.yaml | 0
 kustomize/{shared => infrastructure}/ldap.yaml | 0
 kustomize/{shared => infrastructure}/namespace.yaml | 0
 kustomize/{shared => infrastructure}/proxy.yaml | 0
 9 files changed, 0 insertions(+), 0 deletions(-)
 rename kustomize/{shared.yaml => infrastructure.yaml} (100%)
 rename kustomize/{shared => infrastructure}/confluent-operator-credentials.yaml (100%)
 rename kustomize/{shared => infrastructure}/confluent-operator-helm-release-dev.yaml (100%)
 rename kustomize/{shared => infrastructure}/confluent-operator-helm-release-production.yaml (100%)
 rename kustomize/{shared => infrastructure}/confluent-operator-helm-release-staging.yaml (100%)
 rename kustomize/{shared => infrastructure}/kustomization.yaml (100%)
 rename kustomize/{shared => infrastructure}/ldap.yaml (100%)
 rename kustomize/{shared => infrastructure}/namespace.yaml (100%)
 rename kustomize/{shared => infrastructure}/proxy.yaml (100%)
diff --git a/kustomize/shared.yaml b/kustomize/infrastructure.yaml
similarity index 100%
rename from kustomize/shared.yaml
rename to kustomize/infrastructure.yaml
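Review bot: The new health check in kustomize/shared.yaml names `helm.toolkit.fluxcd.io/v1beta1`, while the HelmRelease manifests in this series declare `apiVersion: helm.toolkit.fluxcd.io/v2beta1` (see the PATCH 30 hunks). If the cluster does not serve that group/version the check presumably cannot resolve the object, so `shared` would never report Ready and everything behind `dependsOn: - name: shared` stays blocked; the entry should read `- apiVersion: helm.toolkit.fluxcd.io/v2beta1`. The same entry is carried into flux-system/gotk-sync.yaml in PATCH 43. Only the `dev` release is checked although staging and production releases are listed next to it, so a failed operator install there would not hold back the environments rollout.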
diff --git a/kustomize/shared/confluent-operator-credentials.yaml b/kustomize/infrastructure/confluent-operator-credentials.yaml similarity index 100% rename from kustomize/shared/confluent-operator-credentials.yaml rename to kustomize/infrastructure/confluent-operator-credentials.yaml diff --git a/kustomize/shared/confluent-operator-helm-release-dev.yaml b/kustomize/infrastructure/confluent-operator-helm-release-dev.yaml similarity index 100% rename from kustomize/shared/confluent-operator-helm-release-dev.yaml rename to kustomize/infrastructure/confluent-operator-helm-release-dev.yaml diff --git a/kustomize/shared/confluent-operator-helm-release-production.yaml b/kustomize/infrastructure/confluent-operator-helm-release-production.yaml similarity index 100% rename from kustomize/shared/confluent-operator-helm-release-production.yaml rename to kustomize/infrastructure/confluent-operator-helm-release-production.yaml diff --git a/kustomize/shared/confluent-operator-helm-release-staging.yaml b/kustomize/infrastructure/confluent-operator-helm-release-staging.yaml similarity index 100% rename from kustomize/shared/confluent-operator-helm-release-staging.yaml rename to kustomize/infrastructure/confluent-operator-helm-release-staging.yaml diff --git a/kustomize/shared/kustomization.yaml b/kustomize/infrastructure/kustomization.yaml similarity index 100% rename from kustomize/shared/kustomization.yaml rename to kustomize/infrastructure/kustomization.yaml diff --git a/kustomize/shared/ldap.yaml b/kustomize/infrastructure/ldap.yaml similarity index 100% rename from kustomize/shared/ldap.yaml rename to kustomize/infrastructure/ldap.yaml diff --git a/kustomize/shared/namespace.yaml b/kustomize/infrastructure/namespace.yaml similarity index 100% rename from kustomize/shared/namespace.yaml rename to kustomize/infrastructure/namespace.yaml 
diff --git a/kustomize/shared/proxy.yaml b/kustomize/infrastructure/proxy.yaml similarity index 100% rename from kustomize/shared/proxy.yaml rename to kustomize/infrastructure/proxy.yaml From 72b765d2cd964b9989d6908ffc8e59302c3b1590 Mon Sep 17 00:00:00 2001 
From: Andrew McCully Date: Wed, 19 May 2021 11:23:04 +0100 Subject: [PATCH 43/46] working deployment --- .gitignore | 5 +++- README.md | 1 + .../gotk-components.yaml | 0 .../gotk-sync.yaml | 24 +++++++++++++++++-- .../kustomization.yaml | 0 kustomize/base/secrets/kustomization.yaml | 1 + kustomize/environments.yaml | 14 ----------- kustomize/infrastructure.yaml | 17 ------------- .../certs/mds-publickey.txt | 0 .../certs/mds-tokenkeypair.txt | 0 .../populate_secrets.sh | 16 ++++++------- .../users/bearer.txt | 0 .../users/c3-mds-client.txt | 0 .../users/connect-mds-client.txt | 0 .../users/creds-client-kafka-sasl-user.txt | 0 .../users/creds-control-center-users.txt | 0 .../users/creds-kafka-sasl-users.json | 0 .../creds-kafka-zookeeper-credentials.txt | 0 .../creds-zookeeper-sasl-digest-users.json | 0 .../users/ksqldb-mds-client.txt | 0 .../{ => application-secrets}/users/ldap.txt | 0 .../users/sr-mds-client.txt | 0 .../{ => confluent-helm}/sensitive_secrets.sh | 8 +++---- resources/git/git_repo.sh | 7 ++++++ resources/ns-dev.yaml | 7 ------ resources/ns-flux-system.yaml | 7 ------ resources/ns-production.yaml | 7 ------ resources/ns-staging.yaml | 7 ------ 28 files changed, 47 insertions(+), 74 deletions(-) rename {kustomize/flux-system => flux-system}/gotk-components.yaml (100%) rename {kustomize/flux-system => flux-system}/gotk-sync.yaml (50%) rename {kustomize/flux-system => flux-system}/kustomization.yaml (100%) delete mode 100644 kustomize/environments.yaml delete mode 100644 kustomize/infrastructure.yaml rename resources/{ => application-secrets}/certs/mds-publickey.txt (100%) rename resources/{ => application-secrets}/certs/mds-tokenkeypair.txt (100%) rename resources/{ => application-secrets}/populate_secrets.sh (71%) rename resources/{ => application-secrets}/users/bearer.txt (100%) rename resources/{ => application-secrets}/users/c3-mds-client.txt (100%) rename resources/{ => application-secrets}/users/connect-mds-client.txt (100%) rename resources/{ => 
application-secrets}/users/creds-client-kafka-sasl-user.txt (100%) rename resources/{ => application-secrets}/users/creds-control-center-users.txt (100%) rename resources/{ => application-secrets}/users/creds-kafka-sasl-users.json (100%) rename resources/{ => application-secrets}/users/creds-kafka-zookeeper-credentials.txt (100%) rename resources/{ => application-secrets}/users/creds-zookeeper-sasl-digest-users.json (100%) rename resources/{ => application-secrets}/users/ksqldb-mds-client.txt (100%) rename resources/{ => application-secrets}/users/ldap.txt (100%) rename resources/{ => application-secrets}/users/sr-mds-client.txt (100%) rename resources/{ => confluent-helm}/sensitive_secrets.sh (91%) create mode 100755 resources/git/git_repo.sh delete mode 100644 resources/ns-dev.yaml delete mode 100644 resources/ns-flux-system.yaml delete mode 100644 resources/ns-production.yaml delete mode 100644 resources/ns-staging.yaml diff --git a/.gitignore b/.gitignore index 7f257cd..84a29c8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,5 @@ .idea -sensitive-* \ No newline at end of file +sensitive-* +identity +identity.pub +known_hosts \ No newline at end of file diff --git a/README.md b/README.md index d2263c4..6d3bfde 100644 --- a/README.md +++ b/README.md @@ -169,6 +169,7 @@ $ watch flux get helmreleases --all-namespaces * Decode secrets `kubectl get secrets -n flux-system https-credentials -o json | jq '.data | map_values(@base64d)'` + `kubectl get secrets -n flux-system flux-system -o json | jq '.data | map_values(@base64d)'` * Access Control Centre `kubectl port-forward -n confluent controlcenter-0 9021:9021`. The web UI credentials will be c3/c3-secret (as defined by the populated secrets) diff --git a/kustomize/flux-system/gotk-components.yaml b/flux-system/gotk-components.yaml similarity index 100% rename from kustomize/flux-system/gotk-components.yaml rename to flux-system/gotk-components.yaml 
diff --git a/kustomize/flux-system/gotk-sync.yaml b/flux-system/gotk-sync.yaml
similarity index 50%
rename from kustomize/flux-system/gotk-sync.yaml
rename to flux-system/gotk-sync.yaml
index 3a01dc1..a362488 100644
--- a/kustomize/flux-system/gotk-sync.yaml
+++ b/flux-system/gotk-sync.yaml
@@ -15,13 +15,33 @@ spec:
 apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
 kind: Kustomization
 metadata:
- name: flux-system
+ name: confluent-infra
 namespace: flux-system
 spec:
 interval: 10m0s
- path: ./kustomize
+ path: ./kustomize/infrastructure
 prune: true
 sourceRef:
 kind: GitRepository
 name: flux-system
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v1beta1
+ kind: HelmRelease
+ name: confluent
+ namespace: dev
 validation: client
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+ name: environments
+ namespace: flux-system
+spec:
+ dependsOn:
+ - name: confluent-infra
+ interval: 5m
+ path: ./kustomize/environments
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
diff --git a/kustomize/flux-system/kustomization.yaml b/flux-system/kustomization.yaml
similarity index 100%
rename from kustomize/flux-system/kustomization.yaml
rename to flux-system/kustomization.yaml
diff --git a/kustomize/base/secrets/kustomization.yaml b/kustomize/base/secrets/kustomization.yaml
index 1ee46d9..5471250 100644
--- a/kustomize/base/secrets/kustomization.yaml
+++ b/kustomize/base/secrets/kustomization.yaml
@@ -6,5 +6,6 @@ resources:
 - credential.yaml
 - ksqldb-mds-client.yaml
 - mds-client.yaml
+ - mds-token.yaml
 - rest-credential.yaml
 - sr-mds-client.yaml
\ No newline at end of file
diff --git a/kustomize/environments.yaml b/kustomize/environments.yaml
deleted file mode 100644
index cdbd271..0000000
--- a/kustomize/environments.yaml
+++ /dev/null
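Review bot: After the flux-system/gotk-sync.yaml hunk no Kustomization in that file points at the directory holding gotk-components.yaml and gotk-sync.yaml, because the `flux-system` object is renamed to `confluent-infra` and its path narrowed to `./kustomize/infrastructure`. Presumably Flux's own controllers, RBAC and this sync definition are then no longer reconciled from Git, so in-cluster drift or a tampered controller manifest would not be corrected and upgrades need a manual apply. Consider keeping a `flux-system` Kustomization with `path: ./flux-system` and adding `confluent-infra` and `environments` as further documents. The new `environments` document also omits `validation: client`, which `confluent-infra` keeps.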
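Review bot: Adding `- mds-token.yaml` to kustomize/base/secrets/kustomization.yaml puts one more generated Secret manifest on the path Flux builds from Git. populate_secrets.sh (the next hunk in this commit) writes that file with `kubectl create secret generic mds-token ... --dry-run=client --output=yaml` from `./certs/mds-tokenkeypair.txt`, so it carries the MDS token key pair base64-encoded, not encrypted; the same applies to credential.yaml, mds-client.yaml and the other entries already listed. The source files under resources/application-secrets/ also appear to be tracked, since they show up as renames in the diffstat. Commit only encrypted material, for example SOPS-encrypted Secrets with `decryption: {provider: sops, secretRef: {name: <sops-key-secret>}}` on the Flux Kustomization, and rotate the values that have already been pushed.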
@@ -1,14 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 -kind: Kustomization -metadata: - name: environments - namespace: flux-system -spec: - dependsOn: - - name: shared - interval: 5m - path: ./environments - prune: true - sourceRef: - kind: GitRepository - name: flux-system \ No newline at end of file diff --git a/kustomize/infrastructure.yaml b/kustomize/infrastructure.yaml deleted file mode 100644 index 6cc2ea9..0000000 --- a/kustomize/infrastructure.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 -kind: Kustomization -metadata: - name: shared - namespace: flux-system -spec: - interval: 5m - path: ./shared - prune: true - sourceRef: - kind: GitRepository - name: flux-system - healthChecks: - - apiVersion: helm.toolkit.fluxcd.io/v1beta1 - kind: HelmRelease - name: confluent - namespace: dev \ No newline at end of file diff --git a/resources/certs/mds-publickey.txt b/resources/application-secrets/certs/mds-publickey.txt similarity index 100% rename from resources/certs/mds-publickey.txt rename to resources/application-secrets/certs/mds-publickey.txt diff --git a/resources/certs/mds-tokenkeypair.txt b/resources/application-secrets/certs/mds-tokenkeypair.txt similarity index 100% rename from resources/certs/mds-tokenkeypair.txt rename to resources/application-secrets/certs/mds-tokenkeypair.txt diff --git a/resources/populate_secrets.sh b/resources/application-secrets/populate_secrets.sh similarity index 71% rename from resources/populate_secrets.sh rename to resources/application-secrets/populate_secrets.sh index ca411b6..2616349 100755 --- a/resources/populate_secrets.sh +++ b/resources/application-secrets/populate_secrets.sh 
@@ -8,36 +8,36 @@ kubectl create secret generic credential \ --from-file=ldap.txt=./users/ldap.txt \ --from-file=mdsPublicKey.pem=./certs/mds-publickey.txt \ --from-file=mdsTokenKeyPair.pem=./certs/mds-tokenkeypair.txt \ ---dry-run=client --output=yaml > ../kustomize/base/secrets/credential.yaml +--dry-run=client --output=yaml > ../../kustomize/base/secrets/credential.yaml kubectl create secret generic mds-token \ --from-file=mdsPublicKey.pem=./certs/mds-publickey.txt \ --from-file=mdsTokenKeyPair.pem=./certs/mds-tokenkeypair.txt \ ---dry-run=client --output=yaml > ../kustomize/base/secrets/mds-token.yaml +--dry-run=client --output=yaml > ../../kustomize/base/secrets/mds-token.yaml # Kafka RBAC credential kubectl create secret generic mds-client \ --from-file=bearer.txt=./users/bearer.txt \ ---dry-run=client --output=yaml > ../kustomize/base/secrets/mds-client.yaml +--dry-run=client --output=yaml > ../../kustomize/base/secrets/mds-client.yaml # Control Center RBAC credential kubectl create secret generic c3-mds-client \ --from-file=bearer.txt=./users/c3-mds-client.txt \ ---dry-run=client --output=yaml > ../kustomize/base/secrets/c3-mds-client.yaml +--dry-run=client --output=yaml > ../../kustomize/base/secrets/c3-mds-client.yaml # Connect RBAC credential kubectl create secret generic connect-mds-client \ --from-file=bearer.txt=./users/connect-mds-client.txt \ ---dry-run=client --output=yaml > ../kustomize/base/secrets/connect-mds-client.yaml +--dry-run=client --output=yaml > ../../kustomize/base/secrets/connect-mds-client.yaml # Schema Registry RBAC credential kubectl create secret generic sr-mds-client \ --from-file=bearer.txt=./users/sr-mds-client.txt \ ---dry-run=client --output=yaml > ../kustomize/base/secrets/sr-mds-client.yaml +--dry-run=client --output=yaml > ../../kustomize/base/secrets/sr-mds-client.yaml # ksqlDB RBAC credential kubectl create secret generic ksqldb-mds-client \ --from-file=bearer.txt=./users/ksqldb-mds-client.txt \ ---dry-run=client 
--output=yaml > ../kustomize/base/secrets/ksqldb-mds-client.yaml +--dry-run=client --output=yaml > ../../kustomize/base/secrets/ksqldb-mds-client.yaml # Kafka REST credential kubectl create secret generic rest-credential \ --from-file=bearer.txt=./users/bearer.txt \ --from-file=basic.txt=./users/bearer.txt \ --from-file=plain.txt=./users/bearer.txt \ ---dry-run=client --output=yaml > ../kustomize/base/secrets/rest-credential.yaml \ No newline at end of file +--dry-run=client --output=yaml > ../../kustomize/base/secrets/rest-credential.yaml \ No newline at end of file diff --git a/resources/users/bearer.txt b/resources/application-secrets/users/bearer.txt similarity index 100% rename from resources/users/bearer.txt rename to resources/application-secrets/users/bearer.txt diff --git a/resources/users/c3-mds-client.txt b/resources/application-secrets/users/c3-mds-client.txt similarity index 100% rename from resources/users/c3-mds-client.txt rename to resources/application-secrets/users/c3-mds-client.txt diff --git a/resources/users/connect-mds-client.txt b/resources/application-secrets/users/connect-mds-client.txt similarity index 100% rename from resources/users/connect-mds-client.txt rename to resources/application-secrets/users/connect-mds-client.txt diff --git a/resources/users/creds-client-kafka-sasl-user.txt b/resources/application-secrets/users/creds-client-kafka-sasl-user.txt similarity index 100% rename from resources/users/creds-client-kafka-sasl-user.txt rename to resources/application-secrets/users/creds-client-kafka-sasl-user.txt diff --git a/resources/users/creds-control-center-users.txt b/resources/application-secrets/users/creds-control-center-users.txt similarity index 100% rename from resources/users/creds-control-center-users.txt rename to resources/application-secrets/users/creds-control-center-users.txt 
diff --git a/resources/users/creds-kafka-sasl-users.json b/resources/application-secrets/users/creds-kafka-sasl-users.json similarity index 100% rename from resources/users/creds-kafka-sasl-users.json rename to resources/application-secrets/users/creds-kafka-sasl-users.json diff --git a/resources/users/creds-kafka-zookeeper-credentials.txt b/resources/application-secrets/users/creds-kafka-zookeeper-credentials.txt similarity index 100% rename from resources/users/creds-kafka-zookeeper-credentials.txt rename to resources/application-secrets/users/creds-kafka-zookeeper-credentials.txt diff --git a/resources/users/creds-zookeeper-sasl-digest-users.json b/resources/application-secrets/users/creds-zookeeper-sasl-digest-users.json similarity index 100% rename from resources/users/creds-zookeeper-sasl-digest-users.json rename to resources/application-secrets/users/creds-zookeeper-sasl-digest-users.json diff --git a/resources/users/ksqldb-mds-client.txt b/resources/application-secrets/users/ksqldb-mds-client.txt similarity index 100% rename from resources/users/ksqldb-mds-client.txt rename to resources/application-secrets/users/ksqldb-mds-client.txt diff --git a/resources/users/ldap.txt b/resources/application-secrets/users/ldap.txt similarity index 100% rename from resources/users/ldap.txt rename to resources/application-secrets/users/ldap.txt diff --git a/resources/users/sr-mds-client.txt b/resources/application-secrets/users/sr-mds-client.txt similarity index 100% rename from resources/users/sr-mds-client.txt rename to resources/application-secrets/users/sr-mds-client.txt diff --git a/resources/sensitive_secrets.sh b/resources/confluent-helm/sensitive_secrets.sh similarity index 91% rename from resources/sensitive_secrets.sh rename to resources/confluent-helm/sensitive_secrets.sh index 3d745ab..5cb6c64 100755 --- a/resources/sensitive_secrets.sh +++ b/resources/confluent-helm/sensitive_secrets.sh 
@@ -1,8 +1,8 @@ #!/bin/bash -kubectl create namespace dev --dry-run=client --output=yaml > ./ns-dev.yaml -kubectl create namespace staging --dry-run=client --output=yaml > ./ns-staging.yaml -kubectl create namespace production --dry-run=client --output=yaml > ./ns-production.yaml -kubectl create namespace flux-system --dry-run=client --output=yaml > ./ns-flux-system.yaml +kubectl create namespace dev --dry-run=client --output=yaml > ./sensitive-ns-dev.yaml +kubectl create namespace staging --dry-run=client --output=yaml > ./sensitive-ns-staging.yaml +kubectl create namespace production --dry-run=client --output=yaml > ./sensitive-ns-production.yaml +kubectl create namespace flux-system --dry-run=client --output=yaml > ./sensitive-ns-flux-system.yaml kubectl create secret docker-registry confluent-registry -n dev \ --docker-server=confluent-docker-internal-early-access-operator-2.jfrog.io \ --docker-username=$USER \ diff --git a/resources/git/git_repo.sh b/resources/git/git_repo.sh new file mode 100755 index 0000000..00b5a5b --- /dev/null +++ b/resources/git/git_repo.sh @@ -0,0 +1,7 @@ +#!/bin/bash +kubectl create secret -n flux-system generic flux-system \ +--from-file=identity=./identity \ +--from-file=identity.pub=./identity.pub \ +--from-file=known_hosts=./known_hosts \ +--dry-run=client --output=yaml > ./sensitive-git-flux-secrets.yaml +kubectl apply -f sensitive-git-flux-secrets.yaml \ No newline at end of file diff --git a/resources/ns-dev.yaml b/resources/ns-dev.yaml deleted file mode 100644 index 16f39ef..0000000 --- a/resources/ns-dev.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - creationTimestamp: null - name: dev -spec: {} -status: {} diff --git a/resources/ns-flux-system.yaml b/resources/ns-flux-system.yaml deleted file mode 100644 index 9c1343b..0000000 --- a/resources/ns-flux-system.yaml +++ /dev/null 
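Review bot: In the new `resources/git/git_repo.sh`, the rendered Secret, which carries the private half of the deploy key from `./identity`, is written to `./sensitive-git-flux-secrets.yaml` in the working tree and left there after `kubectl apply`. The base64 in a Secret manifest is encoding, not encryption, so that file is as sensitive as the key itself, and nothing in this patch shows the `sensitive-*` names being excluded from version control. Piping the dry-run output straight into the apply avoids the file: end the create command with `--dry-run=client --output=yaml | kubectl apply -f -` and drop the separate apply line. A `set -euo pipefail` line after the shebang would also make the script stop when the create step fails instead of going on to the apply.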
@@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - creationTimestamp: null - name: flux-system -spec: {} -status: {} diff --git a/resources/ns-production.yaml b/resources/ns-production.yaml deleted file mode 100644 index 22979d3..0000000 --- a/resources/ns-production.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - creationTimestamp: null - name: production -spec: {} -status: {} diff --git a/resources/ns-staging.yaml b/resources/ns-staging.yaml deleted file mode 100644 index 1bb3436..0000000 --- a/resources/ns-staging.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - creationTimestamp: null - name: staging -spec: {} -status: {} From bb00e7117ce9c74294ba3e3618964a503a86f21b Mon Sep 17 00:00:00 2001 
From: Andrew McCully Date: Wed, 19 May 2021 11:59:37 +0100 Subject: [PATCH 44/46] introducing environment patches --- kustomize/environments/dev/control-centre.yaml | 11 +++++++++++ kustomize/environments/dev/kafka-connect.yaml | 11 +++++++++++ kustomize/environments/dev/kafka.yaml | 11 +++++++++++ kustomize/environments/dev/ksqldb.yaml | 11 +++++++++++ kustomize/environments/dev/kustomization.yaml | 8 +++++++- kustomize/environments/dev/schema-registry.yaml | 11 +++++++++++ kustomize/environments/production/control-centre.yaml | 11 +++++++++++ kustomize/environments/production/kafka-connect.yaml | 11 +++++++++++ kustomize/environments/production/kafka.yaml | 11 +++++++++++ kustomize/environments/production/ksqldb.yaml | 11 +++++++++++ kustomize/environments/production/kustomization.yaml | 8 +++++++- .../environments/production/schema-registry.yaml | 11 +++++++++++ kustomize/environments/staging/control-centre.yaml | 11 +++++++++++ kustomize/environments/staging/kafka-connect.yaml | 11 +++++++++++ kustomize/environments/staging/kafka.yaml | 11 +++++++++++ kustomize/environments/staging/ksqldb.yaml | 11 +++++++++++ kustomize/environments/staging/kustomization.yaml | 10 +++++++++- kustomize/environments/staging/schema-registry.yaml | 11 +++++++++++ 18 files changed, 188 insertions(+), 3 deletions(-) create mode 100644 kustomize/environments/dev/control-centre.yaml create mode 100644 kustomize/environments/dev/kafka-connect.yaml create mode 100644 kustomize/environments/dev/kafka.yaml create mode 100644 kustomize/environments/dev/ksqldb.yaml create mode 100644 kustomize/environments/dev/schema-registry.yaml create mode 100644 kustomize/environments/production/control-centre.yaml create mode 100644 kustomize/environments/production/kafka-connect.yaml create mode 100644 kustomize/environments/production/kafka.yaml create mode 100644 kustomize/environments/production/ksqldb.yaml create mode 100644 kustomize/environments/production/schema-registry.yaml create mode 100644 
kustomize/environments/staging/control-centre.yaml create mode 100644 kustomize/environments/staging/kafka-connect.yaml create mode 100644 kustomize/environments/staging/kafka.yaml create mode 100644 kustomize/environments/staging/ksqldb.yaml create mode 100644 kustomize/environments/staging/schema-registry.yaml diff --git a/kustomize/environments/dev/control-centre.yaml b/kustomize/environments/dev/control-centre.yaml new file mode 100644 index 0000000..0fbd39b --- /dev/null +++ b/kustomize/environments/dev/control-centre.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ControlCenter +metadata: + name: controlcenter +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.dev.svc.cluster.local:9071 + mds: + endpoint: https://kafka.dev.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/dev/kafka-connect.yaml b/kustomize/environments/dev/kafka-connect.yaml new file mode 100644 index 0000000..ed69f20 --- /dev/null +++ b/kustomize/environments/dev/kafka-connect.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: Connect +metadata: + name: connect +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.dev.svc.cluster.local:9071 + mds: + endpoint: https://kafka.dev.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/dev/kafka.yaml b/kustomize/environments/dev/kafka.yaml new file mode 100644 index 0000000..5179afb --- /dev/null +++ b/kustomize/environments/dev/kafka.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: Kafka +metadata: + name: kafka +spec: + dependencies: + zookeeper: + endpoint: zookeeper.dev.svc.cluster.local:2182 + metricReporter: + bootstrapEndpoint: kafka.dev.svc.cluster.local:9071 diff --git a/kustomize/environments/dev/ksqldb.yaml b/kustomize/environments/dev/ksqldb.yaml new file mode 100644 index 0000000..87ed05d --- /dev/null +++ b/kustomize/environments/dev/ksqldb.yaml 
@@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: KsqlDB +metadata: + name: ksqldb +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.dev.svc.cluster.local:9071 + mds: + endpoint: https://kafka.dev.svc.cluster.local:8090 diff --git a/kustomize/environments/dev/kustomization.yaml b/kustomize/environments/dev/kustomization.yaml index eff2f03..21fdde4 100644 --- a/kustomize/environments/dev/kustomization.yaml +++ b/kustomize/environments/dev/kustomization.yaml @@ -1,4 +1,10 @@ +namespace: dev resources: - namespace.yaml - ../../base -namespace: dev +patchesStrategicMerge: + - control-centre.yaml + - kafka.yaml + - kafka-connect.yaml + - ksqldb.yaml + - schema-registry.yaml \ No newline at end of file diff --git a/kustomize/environments/dev/schema-registry.yaml b/kustomize/environments/dev/schema-registry.yaml new file mode 100644 index 0000000..38942b2 --- /dev/null +++ b/kustomize/environments/dev/schema-registry.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: SchemaRegistry +metadata: + name: registry +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.dev.svc.cluster.local:9071 + mds: + endpoint: https://kafka.dev.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/production/control-centre.yaml b/kustomize/environments/production/control-centre.yaml new file mode 100644 index 0000000..3bb0125 --- /dev/null +++ b/kustomize/environments/production/control-centre.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ControlCenter +metadata: + name: controlcenter +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.production.svc.cluster.local:9071 + mds: + endpoint: https://kafka.production.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/production/kafka-connect.yaml b/kustomize/environments/production/kafka-connect.yaml new file mode 100644 index 0000000..610d3a5 --- /dev/null 
+++ b/kustomize/environments/production/kafka-connect.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: Connect +metadata: + name: connect +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.production.svc.cluster.local:9071 + mds: + endpoint: https://kafka.production.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/production/kafka.yaml b/kustomize/environments/production/kafka.yaml new file mode 100644 index 0000000..9b4e762 --- /dev/null +++ b/kustomize/environments/production/kafka.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: Kafka +metadata: + name: kafka +spec: + dependencies: + zookeeper: + endpoint: zookeeper.production.svc.cluster.local:2182 + metricReporter: + bootstrapEndpoint: kafka.production.svc.cluster.local:9071 diff --git a/kustomize/environments/production/ksqldb.yaml b/kustomize/environments/production/ksqldb.yaml new file mode 100644 index 0000000..cbad49d --- /dev/null +++ b/kustomize/environments/production/ksqldb.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: KsqlDB +metadata: + name: ksqldb +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.production.svc.cluster.local:9071 + mds: + endpoint: https://kafka.production.svc.cluster.local:8090 diff --git a/kustomize/environments/production/kustomization.yaml b/kustomize/environments/production/kustomization.yaml index 9927ffc..3e21d5c 100644 --- a/kustomize/environments/production/kustomization.yaml +++ b/kustomize/environments/production/kustomization.yaml @@ -1,4 +1,10 @@ +namespace: production resources: - namespace.yaml - ../../base -namespace: production +patchesStrategicMerge: + - control-centre.yaml + - kafka.yaml + - kafka-connect.yaml + - ksqldb.yaml + - schema-registry.yaml diff --git a/kustomize/environments/production/schema-registry.yaml b/kustomize/environments/production/schema-registry.yaml new file mode 100644 index 0000000..4435b13 
--- /dev/null +++ b/kustomize/environments/production/schema-registry.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: SchemaRegistry +metadata: + name: registry +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.production.svc.cluster.local:9071 + mds: + endpoint: https://kafka.production.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/staging/control-centre.yaml b/kustomize/environments/staging/control-centre.yaml new file mode 100644 index 0000000..1a071ef --- /dev/null +++ b/kustomize/environments/staging/control-centre.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ControlCenter +metadata: + name: controlcenter +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.staging.svc.cluster.local:9071 + mds: + endpoint: https://kafka.staging.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/staging/kafka-connect.yaml b/kustomize/environments/staging/kafka-connect.yaml new file mode 100644 index 0000000..703ffb3 --- /dev/null +++ b/kustomize/environments/staging/kafka-connect.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: Connect +metadata: + name: connect +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.staging.svc.cluster.local:9071 + mds: + endpoint: https://kafka.staging.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/staging/kafka.yaml b/kustomize/environments/staging/kafka.yaml new file mode 100644 index 0000000..2c2c250 --- /dev/null +++ b/kustomize/environments/staging/kafka.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: Kafka +metadata: + name: kafka +spec: + dependencies: + zookeeper: + endpoint: zookeeper.staging.svc.cluster.local:2182 + metricReporter: + bootstrapEndpoint: kafka.staging.svc.cluster.local:9071 
diff --git a/kustomize/environments/staging/ksqldb.yaml b/kustomize/environments/staging/ksqldb.yaml new file mode 100644 index 0000000..4277f5d --- /dev/null +++ b/kustomize/environments/staging/ksqldb.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: KsqlDB +metadata: + name: ksqldb +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.staging.svc.cluster.local:9071 + mds: + endpoint: https://kafka.staging.svc.cluster.local:8090 diff --git a/kustomize/environments/staging/kustomization.yaml b/kustomize/environments/staging/kustomization.yaml index 8efa5b0..1ccf259 100644 --- a/kustomize/environments/staging/kustomization.yaml +++ b/kustomize/environments/staging/kustomization.yaml @@ -1,4 +1,12 @@ +namespace: staging resources: - namespace.yaml - ../../base -namespace: staging +patchesStrategicMerge: + - control-centre.yaml + - kafka.yaml + - kafka-connect.yaml + - ksqldb.yaml + - schema-registry.yaml + + diff --git a/kustomize/environments/staging/schema-registry.yaml b/kustomize/environments/staging/schema-registry.yaml new file mode 100644 index 0000000..090e01e --- /dev/null +++ b/kustomize/environments/staging/schema-registry.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: SchemaRegistry +metadata: + name: registry +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.staging.svc.cluster.local:9071 + mds: + endpoint: https://kafka.staging.svc.cluster.local:8090 \ No newline at end of file From d3fa47b0a04805fa08920aad09d05fb73d346d18 Mon Sep 17 00:00:00 2001 
From: Andrew McCully Date: Wed, 19 May 2021 12:34:55 +0100 Subject: [PATCH 45/46] limit deploy to dev --- MANUAL_PROCESS.md | 19 +++ flux-system/gotk-sync.yaml | 2 +- .../base/confluent-suite/broker/kafka.yaml | 122 ++++++++++++++++++ .../confluent-suite/broker/kustomization.yaml | 11 ++ .../rolebindings/connect/connect-base.yaml | 44 +++++++ .../rolebindings/connect/connect-groups.yaml | 16 +++ .../rolebindings/connect/connect-topics.yaml | 25 ++++ .../rolebindings/connect/kustomization.yaml | 7 + .../controlcenter/controlcentre-base.yaml | 9 ++ .../controlcenter/controlcentre-clusters.yaml | 35 +++++ .../controlcenter/kustomization.yaml | 6 + .../rolebindings/ksqldb/ksqldb-base.yaml | 29 +++++ .../rolebindings/ksqldb/ksqldb-cluster.yaml | 14 ++ .../rolebindings/ksqldb/ksqldb-groups.yaml | 13 ++ .../ksqldb/ksqldb-ksqlcluster.yaml | 16 +++ .../rolebindings/ksqldb/ksqldb-topics.yaml | 19 +++ .../ksqldb/ksqldb-transaction.yaml | 13 ++ .../rolebindings/ksqldb/kustomization.yaml | 10 ++ .../rolebindings/kustomization.yaml | 9 ++ .../ldap/groups/kustomization.yaml | 5 + .../rolebindings/ldap/groups/ldap-groups.yaml | 77 +++++++++++ .../rolebindings/ldap/kustomization.yaml | 5 + .../ldap/users/kustomization.yaml | 5 + .../rolebindings/ldap/users/ldap-users.yaml | 0 .../schemaregistry/kustomization.yaml | 7 + .../schemaregistry/schemaregistry-base.yaml | 33 +++++ .../schemaregistry/schemaregistry-groups.yaml | 17 +++ .../schemaregistry/schemaregistry-topics.yaml | 14 ++ .../secrets/c3-mds-client.yaml | 7 + .../secrets/connect-mds-client.yaml | 7 + .../confluent-suite/secrets/credential.yaml | 14 ++ .../secrets/ksqldb-mds-client.yaml | 7 + .../secrets/kustomization.yaml | 11 ++ .../confluent-suite/secrets/mds-client.yaml | 7 + .../confluent-suite/secrets/mds-token.yaml | 8 ++ .../secrets/rest-credential.yaml | 9 ++ .../secrets/sr-mds-client.yaml | 7 + .../zookeeper/certificates.yaml | 108 ++++++++++++++++ .../zookeeper/kustomization.yaml | 5 + 
.../confluent-suite/zookeeper/zookeeper.yaml | 18 +++ 40 files changed, 789 insertions(+), 1 deletion(-) create mode 100644 MANUAL_PROCESS.md create mode 100644 kustomize/base/confluent-suite/broker/kafka.yaml create mode 100644 kustomize/base/confluent-suite/broker/kustomization.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/connect/connect-base.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/connect/connect-groups.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/connect/connect-topics.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/connect/kustomization.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/controlcenter/controlcentre-base.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/controlcenter/controlcentre-clusters.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/controlcenter/kustomization.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-base.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-cluster.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-groups.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-topics.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-transaction.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/ksqldb/kustomization.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/kustomization.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/ldap/groups/kustomization.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/ldap/groups/ldap-groups.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/ldap/kustomization.yaml create mode 100644 
kustomize/base/confluent-suite/rolebindings/ldap/users/kustomization.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/ldap/users/ldap-users.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/schemaregistry/kustomization.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-base.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-groups.yaml create mode 100644 kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-topics.yaml create mode 100644 kustomize/base/confluent-suite/secrets/c3-mds-client.yaml create mode 100644 kustomize/base/confluent-suite/secrets/connect-mds-client.yaml create mode 100644 kustomize/base/confluent-suite/secrets/credential.yaml create mode 100644 kustomize/base/confluent-suite/secrets/ksqldb-mds-client.yaml create mode 100644 kustomize/base/confluent-suite/secrets/kustomization.yaml create mode 100644 kustomize/base/confluent-suite/secrets/mds-client.yaml create mode 100644 kustomize/base/confluent-suite/secrets/mds-token.yaml create mode 100644 kustomize/base/confluent-suite/secrets/rest-credential.yaml create mode 100644 kustomize/base/confluent-suite/secrets/sr-mds-client.yaml create mode 100644 kustomize/base/confluent-suite/zookeeper/certificates.yaml create mode 100644 kustomize/base/confluent-suite/zookeeper/kustomization.yaml create mode 100644 kustomize/base/confluent-suite/zookeeper/zookeeper.yaml diff --git a/MANUAL_PROCESS.md b/MANUAL_PROCESS.md new file mode 100644 index 0000000..b1ef625 --- /dev/null +++ b/MANUAL_PROCESS.md 
@@ -0,0 +1,19 @@ +## Deploy base Flux components +* Navigate to ./flux-system +* Run `kubectl apply -f gotk-components.yaml` + +## Add GitHub Deploy Key +* Navigate to ./resources/git +* Generate identity, identity.pub, knownhosts file +* Add identity.pub to 'deploy keys' in github +* run git_repo.sh + +## Deploy confluent-helm chart secrets +* Navigate to ./resources/confluent-helm +* Set ENV Vars +* run `senstive_secrets.sh` + +## Deploy Flux Sync +* Navigate to ./flux-system +* run `kubectl apply -f gotk-sync.yaml` + diff --git a/flux-system/gotk-sync.yaml b/flux-system/gotk-sync.yaml index a362488..7bd52f1 100644 --- a/flux-system/gotk-sync.yaml +++ b/flux-system/gotk-sync.yaml @@ -40,7 +40,7 @@ spec: dependsOn: - name: confluent-infra interval: 5m - path: ./kustomize/environments + path: ./kustomize/environments/dev prune: true sourceRef: kind: GitRepository diff --git a/kustomize/base/confluent-suite/broker/kafka.yaml b/kustomize/base/confluent-suite/broker/kafka.yaml new file mode 100644 index 0000000..013f0e5 --- /dev/null +++ b/kustomize/base/confluent-suite/broker/kafka.yaml 
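Review bot: Narrowing `path` to `./kustomize/environments/dev` in `flux-system/gotk-sync.yaml` while `prune: true` stays set means anything this Kustomization previously applied from the staging and production overlays drops out of the desired state and becomes a candidate for garbage collection on the next reconcile. If those environments were ever reconciled on this cluster, that would include their namespaces and the Kafka resources in them. It is worth confirming that this is intended and recording it above the line, for example `# dev only: staging/production are not reconciled; prune removes anything previously applied from them`. The Kustomization spec starts outside this hunk, so its name and remaining settings are not visible here.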
@@ -0,0 +1,122 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: Kafka +metadata: + name: kafka +spec: + replicas: 3 + image: + application: confluentinc/cp-server-operator:6.1.1.0 + init: confluentinc/cp-init-container-operator:6.1.1.0 + dataVolumeCapacity: 40Gi + tls: + autoGeneratedCerts: true + listeners: + # internal listener is used to access the Kafka cluster from the same Kubernetes cluster, + # i.e. in the svc.cluster.local + internal: + authentication: + type: plain + jaasConfig: + secretRef: credential + tls: + enabled: true + # external listener exposes the Kafka bootstrap and brokers as LB endpoints + external: + authentication: + type: plain + jaasConfig: + secretRef: credential + tls: + enabled: true + authorization: + type: rbac + superUsers: + - User:kafka + services: + mds: + tls: + enabled: true + tokenKeyPair: + secretRef: mds-token + provider: + type: ldap + ldap: + address: ldap://ldap.tools.svc.cluster.local:389 + authentication: + type: simple + simple: + secretRef: credential + configurations: + groupNameAttribute: cn + groupObjectClass: group + groupMemberAttribute: member + groupMemberAttributePattern: CN=(.*),DC=test,DC=com + groupSearchBase: dc=test,dc=com + userNameAttribute: cn + userMemberOfAttributePattern: CN=(.*),DC=test,DC=com + userObjectClass: organizationalRole + userSearchBase: dc=test,dc=com + configOverrides: + server: + # the LDAP lookup is set by default to ONE_LEVEL + - ldap.user.search.scope=2 + - ldap.search.mode=GROUPS + + # Overwrite the default settings on the INTERNAL listener + - listener.name.internal.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER + - listener.name.internal.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required; + - listener.name.internal.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler + - 
listener.name.internal.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/mds-token/mdsPublicKey.pem"; + - listener.name.internal.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler + - listener.name.internal.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler + + # Overwrite the default settings on the EXTERNAL listener + - listener.name.external.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER + - listener.name.external.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required; + - listener.name.external.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler + - listener.name.external.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/mds-token/mdsPublicKey.pem"; + - listener.name.external.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler + - listener.name.external.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler + + # Overwrite the default settings on the REPLICATION listener + - listener.name.replication.sasl.enabled.mechanisms=PLAIN + - listener.name.replication.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="${file:/mnt/secrets/credential/plain.txt:username}" password="${file:/mnt/secrets/credential/plain.txt:password}"; + - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler + + # log4j: + # - log4j.logger.io.confluent.security.auth.provider.ldap.LdapGroupManager=DEBUG + 
dependencies: + kafkaRest: + authentication: + type: bearer + bearer: + secretRef: mds-client + zookeeper: + endpoint: zookeeper.confluent.svc.cluster.local:2182 + authentication: + type: digest + jaasConfig: + secretRef: credential + tls: + enabled: true + metricReporter: + enabled: true + bootstrapEndpoint: kafka.confluent.svc.cluster.local:9071 + authentication: + type: plain + jaasConfig: + secretRef: credential + tls: + enabled: true +--- +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaRestClass +metadata: + name: default +spec: + kafkaRest: + authentication: + type: bearer + bearer: + secretRef: rest-credential \ No newline at end of file diff --git a/kustomize/base/confluent-suite/broker/kustomization.yaml b/kustomize/base/confluent-suite/broker/kustomization.yaml new file mode 100644 index 0000000..58aea4c --- /dev/null +++ b/kustomize/base/confluent-suite/broker/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - certificates.yaml + - zookeeper.yaml + - kafka.yaml + - kafka-connect.yaml + - schema-registry.yaml + - control-centre.yaml + - rest-proxy.yaml + - ksqldb.yaml \ No newline at end of file diff --git a/kustomize/base/confluent-suite/rolebindings/connect/connect-base.yaml b/kustomize/base/confluent-suite/rolebindings/connect/connect-base.yaml new file mode 100644 index 0000000..0dfc382 --- /dev/null +++ b/kustomize/base/confluent-suite/rolebindings/connect/connect-base.yaml 
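Review bot: The MDS identity provider in `kustomize/base/confluent-suite/broker/kafka.yaml` is configured with `address: ldap://ldap.tools.svc.cluster.local:389` and `authentication.type: simple`, so the bind credentials from the `credential` secret, and presumably every user password the LDAP callback handler checks against the directory, cross the cluster network unencrypted. Every listener in the same file has TLS enabled, which leaves the directory hop as the weakest link in the authentication path. Pointing the provider at the directory's TLS endpoint, `address: ldaps://ldap.tools.svc.cluster.local:636`, closes that gap, provided the directory serves LDAPS and the broker trusts its CA. Whether the operator needs an additional TLS setting on the provider should be checked against its reference.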
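Review bot: `kustomize/base/confluent-suite/broker/kustomization.yaml` lists eight resources, but the diffstat for this patch creates only `kafka.yaml` and `kustomization.yaml` in `broker/`. `certificates.yaml` and `zookeeper.yaml` are added under `zookeeper/` instead, which has its own kustomization. Unless the other files already exist in `broker/` from an earlier patch, `kustomize build` on this directory fails on the first missing file. The resource list probably wants to be just `- kafka.yaml`.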
@@ -0,0 +1,44 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: connect-cluster-base +spec: + clustersScopeByIds: + connectClusterId: confluent.connect + principal: + name: connect + type: user + role: SecurityAdmin +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: connect-resources-base +spec: + principal: + name: connect + type: user + resourcePatterns: + - name: confluent.connect + patternType: LITERAL + resourceType: Group + - name: confluent.connect- + patternType: PREFIXED + resourceType: Topic + role: ResourceOwner +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: connect-monitoring-base +spec: + principal: + name: connect + type: user + resourcePatterns: + - name: _confluent-monitoring + patternType: PREFIXED + resourceType: Topic + role: DeveloperWrite + + diff --git a/kustomize/base/confluent-suite/rolebindings/connect/connect-groups.yaml b/kustomize/base/confluent-suite/rolebindings/connect/connect-groups.yaml new file mode 100644 index 0000000..c62b7b5 --- /dev/null +++ b/kustomize/base/confluent-suite/rolebindings/connect/connect-groups.yaml @@ -0,0 +1,16 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: connect-groups +spec: + principal: + name: connect + type: user + resourcePatterns: + - name: connect-cluster + patternType: LITERAL + resourceType: Group + - name: connect-secrets + patternType: LITERAL + resourceType: Group + role: ResourceOwner diff --git a/kustomize/base/confluent-suite/rolebindings/connect/connect-topics.yaml b/kustomize/base/confluent-suite/rolebindings/connect/connect-topics.yaml new file mode 100644 index 0000000..316544e --- /dev/null +++ b/kustomize/base/confluent-suite/rolebindings/connect/connect-topics.yaml 
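Review bot: The cluster and resource names in `rolebindings/connect/connect-base.yaml` (`connectClusterId: confluent.connect`, group `confluent.connect`, topic prefix `confluent.connect-`) appear to embed the namespace `confluent`, while the previous patch in this series points the workloads at `dev`, `staging` and `production`. If the operator derives the Connect group id from namespace and resource name, as these values suggest, the bindings will not match a Connect cluster running in `dev`, and the `connect` principal holds grants on names nothing uses while lacking the ones it needs. The ids should either be patched per environment alongside the endpoint patches or be pinned explicitly on the Connect resource. The same question applies to `confluent.ksqldb_` in the ksqlDB bindings later in this patch.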
@@ -0,0 +1,25 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: connect-topics +spec: + principal: + name: connect + type: user + resourcePatterns: + - name: _confluent-connect-secrets + patternType: LITERAL + resourceType: Topic + - name: _confluent-connect-status + patternType: LITERAL + resourceType: Topic + - name: _confluent-connect-offsets + patternType: LITERAL + resourceType: Topic + - name: _confluent-connect-configs + patternType: LITERAL + resourceType: Topic + - name: confluent.connect- + patternType: PREFIXED + resourceType: Topic + role: ResourceOwner diff --git a/kustomize/base/confluent-suite/rolebindings/connect/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/connect/kustomization.yaml new file mode 100644 index 0000000..6275c8d --- /dev/null +++ b/kustomize/base/confluent-suite/rolebindings/connect/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: confluent +resources: + - connect-base.yaml + - connect-groups.yaml + - connect-topics.yaml diff --git a/kustomize/base/confluent-suite/rolebindings/controlcenter/controlcentre-base.yaml b/kustomize/base/confluent-suite/rolebindings/controlcenter/controlcentre-base.yaml new file mode 100644 index 0000000..64a4063 --- /dev/null +++ b/kustomize/base/confluent-suite/rolebindings/controlcenter/controlcentre-base.yaml @@ -0,0 +1,9 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: control-centre-base +spec: + principal: + name: ccc + type: user + role: SystemAdmin diff --git a/kustomize/base/confluent-suite/rolebindings/controlcenter/controlcentre-clusters.yaml b/kustomize/base/confluent-suite/rolebindings/controlcenter/controlcentre-clusters.yaml new file mode 100644 index 0000000..600571f --- /dev/null +++ b/kustomize/base/confluent-suite/rolebindings/controlcenter/controlcentre-clusters.yaml 
@@ -0,0 +1,35 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: control-centre-cluster-registry +spec: + clustersScopeByIds: + schemaRegistryClusterId: schema-registry + principal: + name: ccc + type: user + role: SystemAdmin +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: control-centre-cluster-connect +spec: + clustersScopeByIds: + connectClusterId: confluent.connect + principal: + name: ccc + type: user + role: SystemAdmin +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: control-centre-cluster-ksqldb +spec: + clustersScopeByIds: + ksqlClusterId: ksqldb-cluster + principal: + name: ccc + type: user + role: SystemAdmin diff --git a/kustomize/base/confluent-suite/rolebindings/controlcenter/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/controlcenter/kustomization.yaml new file mode 100644 index 0000000..5b6c76f --- /dev/null +++ b/kustomize/base/confluent-suite/rolebindings/controlcenter/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: confluent +resources: + - controlcentre-base.yaml + - controlcentre-clusters.yaml \ No newline at end of file diff --git a/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-base.yaml b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-base.yaml new file mode 100644 index 0000000..bc777a6 --- /dev/null +++ b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-base.yaml 
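Review bot: `control-centre-cluster-ksqldb` scopes the `ccc` principal to `ksqlClusterId: ksqldb-cluster`, whereas the ksqlDB bindings in the same patch (`ksqldb-base.yaml`, `ksqldb-ksqlcluster.yaml`) use `ksqlClusterId: confluent.ksqldb_`. Only one of the two can be the id the ksqlDB cluster actually registers with, so one set of bindings is presumably ineffective; the ids should be aligned once the real value is confirmed. Separately, `ccc` receives `SystemAdmin` on every cluster scope here and in `controlcentre-base.yaml`. A comment on each binding stating why Control Center needs full admin rather than a narrower role would make that grant reviewable.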
@@ -0,0 +1,29 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: ConfluentRolebinding
+metadata:
+ name: ksqldb-cluster-base
+spec:
+ clustersScopeByIds:
+ ksqlClusterId: confluent.ksqldb_
+ principal:
+ name: ksql
+ type: user
+ resourcePatterns:
+ - name: ksql-cluster
+ patternType: LITERAL
+ resourceType: KsqlCluster
+ role: ResourceOwner
+---
+apiVersion: platform.confluent.io/v1beta1
+kind: ConfluentRolebinding
+metadata:
+ name: ksqldb-cluster-resources-base
+spec:
+ principal:
+ name: ksql
+ type: user
+ resourcePatterns:
+ - name: _confluent-ksql-confluent.ksqldb_
+ patternType: PREFIXED
+ resourceType: Topic
+ role: ResourceOwner
diff --git a/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-cluster.yaml b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-cluster.yaml
new file mode 100644
index 0000000..ce34f3f
--- /dev/null
+++ b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-cluster.yaml
@@ -0,0 +1,14 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: ConfluentRolebinding
+metadata:
+ name: ksqldb-cluster
+spec:
+ clustersScopeByIds:
+ kafkaClusterId: qrGPK1LPTaa1s9d5D4V1rw
+ principal:
+ name: ksql
+ type: user
+ resourcePatterns:
+ - name: kafka-cluster
+ resourceType: Cluster
+ role: DeveloperWrite
\ No newline at end of file
diff --git a/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-groups.yaml b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-groups.yaml
new file mode 100644
index 0000000..04083cd
--- /dev/null
+++ b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-groups.yaml
@@ -0,0 +1,13 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: ConfluentRolebinding
+metadata:
+ name: ksqldb-cluster-groups
+spec:
+ principal:
+ name: ksql
+ type: user
+ resourcePatterns:
+ - name: _confluent-ksql-ksqldb-cluster
+ patternType: PREFIXED
+ resourceType: Group
+ role: ResourceOwner
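Review bot: `kafkaClusterId: qrGPK1LPTaa1s9d5D4V1rw` in `ksqldb-cluster.yaml` hard-codes the id of one Kafka cluster in the `base` layer, which every overlay inherits. Kafka cluster ids are normally generated when a cluster is first created, so a rebuilt or second cluster would presumably have a different id and this `DeveloperWrite` binding would stop matching without any error at apply time. I would move the id into the per-cluster overlay as a patch and document where it comes from, e.g. `# id reported by the production Kafka cluster; update if the cluster is recreated`. The `kafka-cluster` pattern is also the only one in the ksqldb files without a `patternType`; adding `patternType: LITERAL` makes the intent explicit.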
diff --git a/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml
new file mode 100644
index 0000000..63e70dc
--- /dev/null
+++ b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml
@@ -0,0 +1,16 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: ConfluentRolebinding
+metadata:
+ name: ksqldb-cluster-ksqlcluster
+spec:
+ clustersScopeByIds:
+ ksqlClusterId: confluent.ksqldb_
+ principal:
+ name: ksql
+ type: user
+ resourcePatterns:
+ - name: ksql-cluster
+ patternType: LITERAL
+ resourceType: KsqlCluster
+ role: ResourceOwner
+---
diff --git a/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-topics.yaml b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-topics.yaml
new file mode 100644
index 0000000..0ba6994
--- /dev/null
+++ b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-topics.yaml
@@ -0,0 +1,19 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: ConfluentRolebinding
+metadata:
+ name: ksqldb-cluster-topics
+spec:
+ principal:
+ name: ksql
+ type: user
+ resourcePatterns:
+ - name: _confluent-ksql-confluent.ksqldb_
+ patternType: PREFIXED
+ resourceType: Topic
+ - name: _confluent-ksql-ksqldb-cluster_command_topic
+ patternType: PREFIXED
+ resourceType: Topic
+ - name: ksqldb-clusterksql_processing_log
+ patternType: PREFIXED
+ resourceType: Topic
+ role: ResourceOwner
diff --git a/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-transaction.yaml b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-transaction.yaml
new file mode 100644
index 0000000..0e7910b
--- /dev/null
+++ b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-transaction.yaml
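Review bot: `ksqldb-cluster-ksqlcluster` in `ksqldb-ksqlcluster.yaml` has the same `spec` as `ksqldb-cluster-base` in `ksqldb-base.yaml` (same principal, scope, pattern and role), and `ksqldb-topics.yaml` repeats the `_confluent-ksql-confluent.ksqldb_` topic prefix already bound by `ksqldb-cluster-resources-base`. Two custom resources declaring one underlying grant make revocation ambiguous, because deleting one object may remove a binding that the other still declares, or leave it in place when it was meant to go. Keep one object per grant so that the manifest list is an accurate picture of what `ksql` can do. The trailing `---` at the end of `ksqldb-ksqlcluster.yaml` opens an empty document and can be dropped.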
@@ -0,0 +1,13 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: ConfluentRolebinding
+metadata:
+ name: ksqldb-cluster-transaction
+spec:
+ principal:
+ name: ksql
+ type: user
+ resourcePatterns:
+ - name: ksqldb-cluster
+ patternType: PREFIXED
+ resourceType: TransactionalId
+ role: ResourceOwner
diff --git a/kustomize/base/confluent-suite/rolebindings/ksqldb/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/ksqldb/kustomization.yaml
new file mode 100644
index 0000000..3d026df
--- /dev/null
+++ b/kustomize/base/confluent-suite/rolebindings/ksqldb/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: confluent
+resources:
+ - ksqldb-base.yaml
+ - ksqldb-cluster.yaml
+ - ksqldb-groups.yaml
+ - ksqldb-ksqlcluster.yaml
+ - ksqldb-topics.yaml
+ - ksqldb-transaction.yaml
\ No newline at end of file
diff --git a/kustomize/base/confluent-suite/rolebindings/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/kustomization.yaml
new file mode 100644
index 0000000..c00c807
--- /dev/null
+++ b/kustomize/base/confluent-suite/rolebindings/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: confluent
+resources:
+ - ldap
+ - controlcenter
+ - connect
+ - ksqldb
+ - schemaregistry
\ No newline at end of file
diff --git a/kustomize/base/confluent-suite/rolebindings/ldap/groups/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/ldap/groups/kustomization.yaml
new file mode 100644
index 0000000..3ced4b9
--- /dev/null
+++ b/kustomize/base/confluent-suite/rolebindings/ldap/groups/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: confluent
+resources:
+ - ldap-groups.yaml
\ No newline at end of file
diff --git a/kustomize/base/confluent-suite/rolebindings/ldap/groups/ldap-groups.yaml b/kustomize/base/confluent-suite/rolebindings/ldap/groups/ldap-groups.yaml
new file mode 100644
index 0000000..755ce6e
--- /dev/null
+++ b/kustomize/base/confluent-suite/rolebindings/ldap/groups/ldap-groups.yaml
@@ -0,0 +1,77 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: ConfluentRolebinding
+metadata:
+ name: admin-groups-kafka-cluster-connect
+spec:
+ clustersScopeByIds:
+ connectClusterId: confluent.connect
+ principal:
+ name: admins
+ type: group
+ resourcePatterns:
+ - name: "*"
+ resourceType: Connector
+ role: ResourceOwner
+---
+apiVersion: platform.confluent.io/v1beta1
+kind: ConfluentRolebinding
+metadata:
+ name: admin-groups-kafka-cluster-sr
+spec:
+ clustersScopeByIds:
+ schemaRegistryClusterId: schema-registry
+ principal:
+ name: admins
+ type: group
+ role: SystemAdmin
+---
+apiVersion: platform.confluent.io/v1beta1
+kind: ConfluentRolebinding
+metadata:
+ name: admin-groups-kafka-cluster-ksql
+spec:
+ clustersScopeByIds:
+ ksqlClusterId: ksqldb-cluster
+ principal:
+ name: admins
+ type: group
+ role: SystemAdmin
+---
+apiVersion: platform.confluent.io/v1beta1
+kind: ConfluentRolebinding
+metadata:
+ name: admin-group-topics
+spec:
+ principal:
+ name: admins
+ type: group
+ resourcePatterns:
+ - name: "*"
+ resourceType: Topic
+ role: ResourceOwner
+---
+apiVersion: platform.confluent.io/v1beta1
+kind: ConfluentRolebinding
+metadata:
+ name: admin-group-groups
+spec:
+ principal:
+ name: admins
+ type: group
+ resourcePatterns:
+ - name: "*"
+ resourceType: Group
+ role: ResourceOwner
+---
+apiVersion: platform.confluent.io/v1beta1
+kind: ConfluentRolebinding
+metadata:
+ name: admin-group-transactionalid
+spec:
+ principal:
+ name: admins
+ type: group
+ resourcePatterns:
+ - name: "*"
+ resourceType: TransactionalId
+ role: ResourceOwner
\ No newline at end of file
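Review bot: The bindings `admin-groups-kafka-cluster-connect`, `admin-group-topics`, `admin-group-groups` and `admin-group-transactionalid` give the LDAP group `admins` `ResourceOwner` on `name: "*"` with no `patternType`, whereas most other patterns in this patch state `LITERAL` or `PREFIXED`. Combined with `SystemAdmin` on Schema Registry and ksqlDB in the same file, membership of this one directory group amounts to full control of the platform, so whoever can edit the group in LDAP holds the real access boundary. I would state the pattern type explicitly (`patternType: LITERAL`, which is how the wildcard is normally expressed; confirm for this CRD version) and add a comment above each wildcard recording that it is intentional, e.g. `# admins group: all topics by design; membership is reviewed in LDAP`.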
diff --git a/kustomize/base/confluent-suite/rolebindings/ldap/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/ldap/kustomization.yaml
new file mode 100644
index 0000000..c860fd8
--- /dev/null
+++ b/kustomize/base/confluent-suite/rolebindings/ldap/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - groups
+ - users
\ No newline at end of file
diff --git a/kustomize/base/confluent-suite/rolebindings/ldap/users/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/ldap/users/kustomization.yaml
new file mode 100644
index 0000000..63f5568
--- /dev/null
+++ b/kustomize/base/confluent-suite/rolebindings/ldap/users/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: confluent
+resources:
+ - ldap-users.yaml
\ No newline at end of file
diff --git a/kustomize/base/confluent-suite/rolebindings/ldap/users/ldap-users.yaml b/kustomize/base/confluent-suite/rolebindings/ldap/users/ldap-users.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/kustomize/base/confluent-suite/rolebindings/schemaregistry/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/schemaregistry/kustomization.yaml
new file mode 100644
index 0000000..9e63810
--- /dev/null
+++ b/kustomize/base/confluent-suite/rolebindings/schemaregistry/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: confluent
+resources:
+ - schemaregistry-base.yaml
+ - schemaregistry-groups.yaml
+ - schemaregistry-topics.yaml
\ No newline at end of file
diff --git a/kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-base.yaml b/kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-base.yaml
new file mode 100644
index 0000000..3a9eea6
--- /dev/null
+++ b/kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-base.yaml
@@ -0,0 +1,33 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: ConfluentRolebinding
+metadata:
+ name: registry-base
+ namespace: confluent
+spec:
+ clustersScopeByIds:
+ schemaRegistryClusterId: id_registry_confluent
+ principal:
+ name: registry
+ type: user
+ role: SecurityAdmin
+---
+apiVersion: platform.confluent.io/v1beta1
+kind: ConfluentRolebinding
+metadata:
+ name: registry-mds-client-resources-base
+ namespace: confluent
+spec:
+ principal:
+ name: registry
+ type: user
+ resourcePatterns:
+ - name: _confluent-license
+ patternType: LITERAL
+ resourceType: Topic
+ - name: _schemas_schemaregistry_confluent
+ patternType: LITERAL
+ resourceType: Topic
+ - name: id_schemaregistry_confluent
+ patternType: LITERAL
+ resourceType: Group
+ role: ResourceOwner
\ No newline at end of file
diff --git a/kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-groups.yaml b/kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-groups.yaml
new file mode 100644
index 0000000..1696c23
--- /dev/null
+++ b/kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-groups.yaml
@@ -0,0 +1,17 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: ConfluentRolebinding
+metadata:
+ name: registry-groups
+ namespace: confluent
+spec:
+ principal:
+ name: registry
+ type: user
+ resourcePatterns:
+ - name: id_schemaregistry_confluent
+ patternType: LITERAL
+ resourceType: Group
+ - name: schema-registry
+ patternType: LITERAL
+ resourceType: Group
+ role: ResourceOwner
\ No newline at end of file
diff --git a/kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-topics.yaml b/kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-topics.yaml
new file mode 100644
index 0000000..ab7d24b
--- /dev/null
+++ b/kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-topics.yaml
@@ -0,0 +1,14 @@
+apiVersion: platform.confluent.io/v1beta1
+kind: ConfluentRolebinding
+metadata:
+ name: registry-topics
+ namespace: confluent
+spec:
+ principal:
+ name: registry
+ type: user
+ resourcePatterns:
+ - name: _schemas
+ patternType: LITERAL
+ resourceType: Topic
+ role: ResourceOwner
\ No newline at end of file
diff --git a/kustomize/base/confluent-suite/secrets/c3-mds-client.yaml b/kustomize/base/confluent-suite/secrets/c3-mds-client.yaml
new file mode 100644
index 0000000..3d6d429
--- /dev/null
+++ b/kustomize/base/confluent-suite/secrets/c3-mds-client.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+ bearer.txt: dXNlcm5hbWU9YzMKcGFzc3dvcmQ9YzMtc2VjcmV0Cg==
+kind: Secret
+metadata:
+ creationTimestamp: null
+ name: c3-mds-client
diff --git a/kustomize/base/confluent-suite/secrets/connect-mds-client.yaml b/kustomize/base/confluent-suite/secrets/connect-mds-client.yaml
new file mode 100644
index 0000000..3adbc0b
--- /dev/null
+++ b/kustomize/base/confluent-suite/secrets/connect-mds-client.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+ bearer.txt: dXNlcm5hbWU9Y29ubmVjdApwYXNzd29yZD1jb25uZWN0LXNlY3JldAo=
+kind: Secret
+metadata:
+ creationTimestamp: null
+ name: connect-mds-client
diff --git a/kustomize/base/confluent-suite/secrets/credential.yaml b/kustomize/base/confluent-suite/secrets/credential.yaml
new file mode 100644
index 0000000..053a4d6
--- /dev/null
+++ b/kustomize/base/confluent-suite/secrets/credential.yaml
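Review bot: `bearer.txt` in `c3-mds-client.yaml` is only base64-encoded, so the MDS user name and password are readable by anyone who can read this repository or its history; the same holds for `connect-mds-client.yaml` here and for `credential.yaml`, `ksqldb-mds-client.yaml`, `mds-client.yaml`, `mds-token.yaml`, `rest-credential.yaml` and `sr-mds-client.yaml` later in the patch. The decoded passwords are derived from the account names, and `mds-client.yaml`, `rest-credential.yaml` and `plain.txt` in `credential.yaml` carry the same value, so one credential opens several components. Because this repository is reconciled by Flux, I would commit these as SOPS-encrypted manifests or Sealed Secrets, or reference an external secret store, and keep only non-secret configuration in plain YAML. Every credential in this patch should be rotated to a generated value, since deleting the files later does not remove them from git history.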
@@ -0,0 +1,14 @@
+apiVersion: v1
+data:
+ basic.txt: YzM6IGMzLXNlY3JldCxBZG1pbmlzdHJhdG9ycwphZG1pbjogRGV2ZWxvcGVyMSxBZG1pbmlzdHJhdG9ycwphZG1pbjE6IERldmVsb3BlcjEsQWRtaW5pc3RyYXRvcnMK
+ digest-users.json: ewogICJrYWZrYSI6ICJrYWZrYS1zZWNyZXQiCn0K
+ digest.txt: dXNlcm5hbWU9ImthZmthIgpwYXNzd29yZD0ia2Fma2Etc2VjcmV0Ig==
+ ldap.txt: dXNlcm5hbWU9Y249bWRzLGRjPXRlc3QsZGM9Y29tCnBhc3N3b3JkPURldmVsb3BlciEK
+ mdsPublicKey.pem: 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
+ mdsTokenKeyPair.pem: 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
+ plain-users.json: ewogICJrYWZrYV9jbGllbnQiOiAia2Fma2FfY2xpZW50LXNlY3JldCIsCiAgImMzIjogImMzLXNlY3JldCIsCiAgImthZmthIjogImthZmthLXNlY3JldCIKfQ==
+ plain.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg==
+kind: Secret
+metadata:
+ creationTimestamp: null
+ name: credential
diff --git a/kustomize/base/confluent-suite/secrets/ksqldb-mds-client.yaml b/kustomize/base/confluent-suite/secrets/ksqldb-mds-client.yaml
new file mode 100644
index 0000000..6a053fc
--- /dev/null
+++ b/kustomize/base/confluent-suite/secrets/ksqldb-mds-client.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+ bearer.txt: dXNlcm5hbWU9a3NxbApwYXNzd29yZD1rc3FsLXNlY3JldAo=
+kind: Secret
+metadata:
+ creationTimestamp: null
+ name: ksqldb-mds-client
diff --git a/kustomize/base/confluent-suite/secrets/kustomization.yaml b/kustomize/base/confluent-suite/secrets/kustomization.yaml
new file mode 100644
index 0000000..5471250
--- /dev/null
+++ b/kustomize/base/confluent-suite/secrets/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - c3-mds-client.yaml
+ - connect-mds-client.yaml
+ - credential.yaml
+ - ksqldb-mds-client.yaml
+ - mds-client.yaml
+ - mds-token.yaml
+ - rest-credential.yaml
+ - sr-mds-client.yaml
\ No newline at end of file
diff --git a/kustomize/base/confluent-suite/secrets/mds-client.yaml b/kustomize/base/confluent-suite/secrets/mds-client.yaml
new file mode 100644
index 0000000..24de26d
--- /dev/null
+++ b/kustomize/base/confluent-suite/secrets/mds-client.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+ bearer.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg==
+kind: Secret
+metadata:
+ creationTimestamp: null
+ name: mds-client
diff --git a/kustomize/base/confluent-suite/secrets/mds-token.yaml b/kustomize/base/confluent-suite/secrets/mds-token.yaml
new file mode 100644
index 0000000..ae87e43
--- /dev/null
+++ b/kustomize/base/confluent-suite/secrets/mds-token.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+ mdsPublicKey.pem: 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
+ mdsTokenKeyPair.pem: 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
+kind: Secret
+metadata:
+ creationTimestamp: null
+ name: mds-token
diff --git a/kustomize/base/confluent-suite/secrets/rest-credential.yaml b/kustomize/base/confluent-suite/secrets/rest-credential.yaml
new file mode 100644
index 0000000..f7901ac
--- /dev/null
+++ b/kustomize/base/confluent-suite/secrets/rest-credential.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+data:
+ basic.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg==
+ bearer.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg==
+ plain.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg==
+kind: Secret
+metadata:
+ creationTimestamp: null
+ name: rest-credential
diff --git a/kustomize/base/confluent-suite/secrets/sr-mds-client.yaml b/kustomize/base/confluent-suite/secrets/sr-mds-client.yaml
new file mode 100644
index 0000000..fb57182
--- /dev/null
+++ b/kustomize/base/confluent-suite/secrets/sr-mds-client.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+ bearer.txt: dXNlcm5hbWU9c3IKcGFzc3dvcmQ9c3Itc2VjcmV0Cg==
+kind: Secret
+metadata:
+ creationTimestamp: null
+ name: sr-mds-client
diff --git a/kustomize/base/confluent-suite/zookeeper/certificates.yaml b/kustomize/base/confluent-suite/zookeeper/certificates.yaml
new file mode 100644
index 0000000..5d34267
--- /dev/null
+++ b/kustomize/base/confluent-suite/zookeeper/certificates.yaml
@@ -0,0 +1,108 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: ca-pair-sslcerts +type: kubernetes.io/tls +data: + tls.crt: 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 + tls.key: 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 +--- +apiVersion: v1 +kind: Secret +metadata: + name: connect-generated-jks +type: kubernetes.io/tls +data: + ca.crt: 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 + csr.pem: 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 + jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk + keystore.jks: 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 + tls.crt: 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 + tls.key: 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 + truststore.jks: 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 +--- +apiVersion: v1 +kind: Secret +metadata: + name: controlcenter-generated-jks +type: kubernetes.io/tls +data: + ca.crt: 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 + csr.pem: 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 + jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk + keystore.jks: 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 + tls.crt: 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 + tls.key: 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 + truststore.jks: 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 +--- +apiVersion: v1 +kind: Secret +metadata: + name: kafka-generated-jks +type: kubernetes.io/tls +data: + ca.crt: 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 + csr.pem: 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 + jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk + keystore.jks: 
/u3+7QAAAAIAAAACAAAAAQALY2VydGlmaWNhdGUAAAF5ErDMNQAABQIwggT+MA4GCisGAQQBKgIRAQEFAASCBOoBANW4I6IZvIFa4JaoHzuQDlcZg91sQNAv9fhhDGtSf/AddlKCI0dgPljcjVPQFGXpe4vTMoec3twlAisp4gDZVpJAKaV3UMmANK/f8f6Nit2CHVebzNk+G4t3m0QA+4p0hvv36DeMknzyjp+iWvuJAAWPNQWRYCY+Ph7jjXXyjwIynY4e2GgM0Jb831kJds47USnHWAoyVNs+eEmu7HpbU4RlfgxNA/07J52r0x8hzPucAnjOujaAveJaDiKmnqdJT0j5iKGIisKdtc2RQOrTJRLr6tHqu0kHuP8c77M3LkFaNMTex9MoGh/SmCccHOmR20DAUCm7Xn6KQVXqBeGQTZZfBUbMA4VXJFXQF3YmncwERupjT50nUpFlL+hMAWww4Tl9UolaVp+GrR+j6l+yfaCDkbBFRUDXZOO/+IedN7agBn+YvpK5VV6Ak6Vuw/wXxBQQdrhxX+h8c5Ka4h/ELblCYf0A4rsZaAzpOVSbet0nBWD2uE6ERsdHjpzWyOtr2nyfI6dRrmGRYlcdENy+XSaaRpvhaiRUf5DUwSG8w7On/FDJrbvRuiyJRCJh5U25+wUUD3veDcEMqbIZ0cC1ISvg4bS0BMoYvVga2m4xlktEu5cuMut1rdRmHwDyofcg7geULxrZfvtKDx/OXcuSr/ag9oXhN4z+jzbE0+tKWiVmghgm7uDTaIjl5LnuxauIBuPl0kk2+tGqBrKcIyMbboZHfH0Zz4w6cZ93ediXfJJ9+mKGIFV0S5CCzzbaSr+t9PKtdnaLdkWLY3dyr50o0zyeizX8XoswTZ+fKd8ZZOnxDXm6NVkxIJUJZOyJtV8siJm2eqih3k0ujkzutlZYUAGkGG6BIQHjjyENXUiNhlRUsMYDniDSqrRT8vDrhgRqQk1U14cYb53WbGMwCJd6zicD1TiTzmiwriH5egYdEg7/uNbMdFZ3u1WvpPO3av1fDkL7CUWosIDY3RXFyK2tafAI4uGSnHZ+NV9kZ9RA5KcL3HXs1ZQNRFRq83WxCsAS54AbEJHyt1TZvmooD53J9mVQZDChW37pB/M64zXMSVeujB+vSvupVUQVQ1i3AsPbrujp397H3ShUdBUg5mcTSV8i9noxoYq3TRO2d+5GnmqhOM0h9lRWIA7pn7TBOyQQfx+NPmi1BwMqKCCT4UXS11FLmAZiak7nJVKgYrDjD2y+KU2o7cTbyDXfj8c687rk8haPy6Pfly+bwzs06lWYxxVEFDWjQkjwAtSMU3P8yc+TCi+cO487z5UaSBWoadFFQuSliKx5jaqTRNL9+0Riun9TYY7+CLXlAvLSct/QOE4ivONmAObOlMq9Oq3bqWmtlJ0VoX1X7eJV6dVRyugGiLaC5qrtBq3XWScGlKqTRRtQ1VJx71uz3YKi4JUqVbJmUpabtWTStxaolWJqiqYxqu8FEFbPOn5ft8koOWDP9oVJgXQ8oJiW5hXJ7OF3pxPlg1LXTJGanU1Bcy7gYt7pzQhYAMb2EEDGBl5i8v5Q52nIGhZowPybCp2+GIGj64MQfnUrg8NAAHejmgrm+TCcWtZhNsqA4/UZejLsq+LTWUsjrVVRCHSZTPUDtGOdTJdtDQW2ewfNQW3tDZEYBgTZy5rYrBM/ONzFQ+FtEWIw0AfSeBwyvuAHSjLK+qa81s2LMy72ZNnbbWcHAAAAAQAEWDUwOQAABQ8wggULMIIC86ADAgECAhEAw0UgqDhhKhtWERN8lkh/mTANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJDSDEOMAwGA1UECgwFRHVmcnkxFTATBgNVBAsMDEluc2lnaHRzIFBPQzEQMA4GA1UEAwwHUm9vdCBDQTAeFw0yMTA0MjcwOTM3MjdaFw0yMjA0MjIwOTM3MjdaMEQxCzAJBgNVBAYT
AkNIMQ4wDAYDVQQKEwVEdWZyeTEVMBMGA1UECxMMSW5zaWdodHMgUE9DMQ4wDAYDVQQDEwVrYWZrYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJYIhIACtx+vNaZ4ZH4uc2gxR/3DFjfO7jGdAsAAlfCta8r2uOaaGsoq8dJCNavvslIuLw6M3dHHJbq84kq0oOB6kiC5SKE4Cc4aXbxC/YNiUFS08XxSN4Muq9KJwVPDOEiUfRqzeR7D96mldxuxvAYCgAqN5/qOwPJhcykvB9p5Sy5bLI053CgXcle9cOGaZG/Fh81a62By8FCyvKcxDWetL8S42fgc7hm/dN11Sb3ogS/N21BCblejCu+SlxjCNvtg4+vgOU4SRbvs96gpXyvEYmB5Sez1l+8CafWcTsjYjkPFzt+RX8OzhwSAzXFWHHeLh+80qiwr8N8aZsxCEk0CAwEAAaOB9TCB8jAOBgNVHQ8BAf8EBAMCAqQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwgbIGA1UdEQSBqjCBp4IFa2Fma2GCD2thZmthLmNvbmZsdWVudIITa2Fma2EuY29uZmx1ZW50LnN2Y4Iha2Fma2EuY29uZmx1ZW50LnN2Yy5jbHVzdGVyLmxvY2FsghEqLmthZmthLmNvbmZsdWVudIIjKi5rYWZrYS5jb25mbHVlbnQuc3ZjLmNsdXN0ZXIubG9jYWyCHSouY29uZmx1ZW50LnN2Yy5jbHVzdGVyLmxvY2FsMA0GCSqGSIb3DQEBCwUAA4ICAQBi/cIE48RiWD1DkdnskBFIrurORqWn6WsURj1GEduOWnJaTNmmdhZTNK9Rdw3N8p+bRw9O8P+qhZZuJiUMnt2mC7RvKKReQEfWIQA95/G9jxiz+Njo/z3Pxo0xmmC8Q2393jpq4cn26myETtrrlvureqaaBLNeOwP/xfI0/TccXa4yQHkLma9FDhgzK5fFDXo6BGhOjh7m+Yp4drul53zJQD+7Su2WxdxGpdhDH15T7k34RCJqJEHp4flukSkmJfoXwIL6Wq1PWNDJcVROnZ3ScoLS/VaoV2HyjdYkqrv8dnY6VgvycsAGhb3iiVcKBrIomMYwzB4SmGGqL7i1z1vJxVUfsVzbzfA4IGuL8HY6QMa96Qexj2IxwPwmXfjpCAw4y63k7TlfEZtf4PXc+FfLUSpR+XvfpZFd5ON8VtucH/4AWD2D+XxGrESudfLfzb8uTUE6KlVBgV23rsBJaOXX/SF345UxCRT6/tiZp3WZ7YyJsix3v8qJIyqRj72eAb1Ju5Ii8A6MV1HX4UsnALCAbr+v24l2InZSzZu47K5RD8EjyGcBVrXXDf9WhrMGflX+ht505EVFCDazYEKovUTItssh7Ta+x8Myf7O3sthJJYY6rPUgoJRgKWkEOibCFz5XiK3K62Bg1N95Tnxkp1yTrIIwUCh55sGbob5Z8ispIgAAAAIAAmNhAAABeRKwzDUABFg1MDkAAAUMMIIFCDCCAvACCQDAKTWpEAiIxTANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJDSDEOMAwGA1UECgwFRHVmcnkxFTATBgNVBAsMDEluc2lnaHRzIFBPQzEQMA4GA1UEAwwHUm9vdCBDQTAeFw0yMTA0MTkyMTE1NTJaFw0yNDAyMDcyMTE1NTJaMEYxCzAJBgNVBAYTAkNIMQ4wDAYDVQQKDAVEdWZyeTEVMBMGA1UECwwMSW5zaWdodHMgUE9DMRAwDgYDVQQDDAdSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuslCZXjSmVZQcJnC1ZGXSZGpjxGJ8trpiuF6Y2HgaWktPsP3uE3GVzjvtAJnz70cpb4pOZEK3u3W+NuQLw+XlDi5XHyDuScLIyGv1J1YmeSRVAQ4jCXhBiqNQqy+1YaAJpl2
InsK1FwlWiC4ZoHwfyBsV65PH8viA2HcrPBahLSscBgYJ4kMpBFjXc6eEyZWFO6eYN/3Gb8KmT3VhgBdDxfrlXrpJwDjAuWWWaZ1gxsNbe4d2BMXRcjAGwTzObtBqECrqbKNtzKVLNkCo5VO2SdIWmi9x9oD+eppuPOvMornNd32b8KWxPLucP1ZchhrcwGOWSYEkhNrLDhpX+tKUFM4d6EGdEv4yA4gIx4JN4MvBa6onM5HUmXGmvr0OkBnbsi/Zk77c/jmDkL53n/jG1V5BR3kLnt04h4xhyiK6ITNmNR5HNSdlzhKT/qdneqIYoAVIQvHC/wUA3B+B3uurhtr9a6cLYvya9WBANJgQDLcSXDa6zBlvaPz7XtROaMKkY4U6FCn0r7a12r154CYWwjxkYN4r7ebxw9wgVa0GkRFsMGVEZ/vCiB4q3LHvtAu4mRYBb1srMZ15fUTn0DQn5RL65FwTpt1BRfiUHhXuNWRDzdqyoRcihP25YTWPcyW4AZGFstTCZHoK/sSS6+/E7zVlvt3ZKrpyXhNNI3QG3sCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAeOoVwAXAko+XDdRePouvNdHRGFNEq67H/0F9yCCms5d7iMW1X5da37ukYe3TCWMYFP6J2HGBdbL8IZpnro4s2IPH2Ez0VgaY95N6iBkZEdClPshGKcrlEkgeCA5gA+IK28pl9OXJtf2U4DGL0LAGDun87+wPLuDRVkp4SdEzVYGRxy5Y0IiuoYipzpj1AJ7E9g3ulwGkWnt2Np/7paNwAmED3g/IHIdyw3fyVbHJgPjsFsRnuLJghwKs95WP92fagJYnuoj6RTo4bo6z6z1wYvQzyzxT1mpgThm0FyqSOeyuJ+f+tctJbnc6afMteloDKJBfAPNDN7cuQ8agaj7RcqkKKndOPOqxZ/G6TyqR1MDQg5mBlbWV7ejoBAQwhno6r8fNRejVVmkEZ7F+BLGSWJ2xPGwGcEHuoDvtAjSoVlrELSRVjOKUMFwiT9g7WArldkXWYZw7nzfifvo3KhLjYmOWZKhzk4+8NnyaslI5jCTev0wBEBJ5Xwj8me8/xK3Mu/VQjzIGO5bHTcTfXOCZcdQTQI65fA8yDidW7ZP2Dn4yMk4mrIjGxu3qj9daxKhvvCAOhbxyTZfCbci1bWEU5ochTu7csBX4MlYlhYpzitsfyndyFaL9WjX8up4y90PxOO3SClt0lltfy/NXHCZZj56cmKp6FctclPoiptTIRqJVPK9nxNuoZ39mkA+Xi/FSlKVL/Q== + tls.crt: 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 + tls.key: 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 + truststore.jks: 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 +--- +apiVersion: v1 +kind: Secret +metadata: + name: ksqldb-generated-jks +type: kubernetes.io/tls +data: + ca.crt: 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 + csr.pem: 
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJRFdqQ0NBa0lDQVFBd1JURUxNQWtHQTFVRUJoTUNRMGd4RGpBTUJnTlZCQW9UQlVSMVpuSjVNUlV3RXdZRApWUVFMRXd4SmJuTnBaMmgwY3lCUVQwTXhEekFOQmdOVkJBTVRCbXR6Y1d4a1lqQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFOVXVDZ0NiNmQ1U1BHTUNGWXZ6cytaUFJma1FZY2xIRFRPOTYrejgKaTUvOEJ0TGVHMlVMQzczaXJZdWtSdi9CZ0R6dmdkZURzdmJsRGMvZStQcUcvTllMejg0M1ZiNlJsc2xESTRRQwo0U0h4TEsrUUlUZ2VMZkg1Q0tDVFQyVDlNWVpzTlMzelpLQW94Wk1ORnlJWTdwNDhsTDdUV2RUK0NOYSs4K09jCmFSZnRHc3NIUU9KZW5pbFhzdC9CTWR4MC92ajhsYk0zNmJJekVXMzRFNHIxdTJwYS81bUpveVVIeTFwVjk0REIKZmc1aVVvSitSYWxCclFrUVp4MkdEekdsbkFHYzZ6R1JrdFA4Ujk5c1hFU2pGL2xrWlRFOEI0aXdtL3o0RmRpdAp3Vlo1WFRlYWY0TFNHZVV4TXU1ZlhyUm9yRUUrR2F5ZVdqaHdnNVlRTTZSdnhLc0NBd0VBQWFDQnp6Q0J6QVlKCktvWklodmNOQVFrT01ZRytNSUc3TUlHNEJnTlZIUkVFZ2JBd2dhMkNCbXR6Y1d4a1lvSVFhM054YkdSaUxtTnYKYm1ac2RXVnVkSUlVYTNOeGJHUmlMbU52Ym1ac2RXVnVkQzV6ZG1PQ0ltdHpjV3hrWWk1amIyNW1iSFZsYm5RdQpjM1pqTG1Oc2RYTjBaWEl1Ykc5allXeUNFaW91YTNOeGJHUmlMbU52Ym1ac2RXVnVkSUlrS2k1cmMzRnNaR0l1ClkyOXVabXgxWlc1MExuTjJZeTVqYkhWemRHVnlMbXh2WTJGc2doMHFMbU52Ym1ac2RXVnVkQzV6ZG1NdVkyeDEKYzNSbGNpNXNiMk5oYkRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQVR3MVhQR3B3ejVDR2pXZmYraXMyUXMrbwp3eFl5Z2FMN1k2Q3BnTTc2eCtidjZySVFxNE9odWVtK1VRMTJueGdsTW04a2xFczY5dnk2alNja3pNekhweFkvCkljREdDNVZQQTQrNWVoVmpybzgrU2F3dzY4aWdXL3lEellMU2h0N2RmYVRZbHpWUFEwVVlMNGFOSEJ4U0wyVi8KV2dpa0daL2R3RzVqR3B5NmM4UEtTVGpQcWxwOVErQnRwcnVpbnlySWlwYmhYRGtVbnZkaitMM0QyVElDVGZlYgpldm5xQllWRURvWnJTbTlWU1l0RTQrMEM0WndZMFdWT0YwV09Sb2RoeldGdWtOeTJEYTMySFJwSGo3T2U2bmVjCnBVK01UbytpcERmbjF5ZnQ4S1p4SDh3cTI2aGZYZWFNWDZ3VE9RVEVDT3R1SERhd1YxNXd3SEoyeWpjV0VRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg== + jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk + keystore.jks: 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 + tls.crt: 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 + tls.key: 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 + truststore.jks: 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 +--- 
+apiVersion: v1 +kind: Secret +metadata: + name: registry-generated-jks +type: kubernetes.io/tls +data: + ca.crt: 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 + csr.pem: 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 + jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk + keystore.jks: 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 + tls.crt: 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 + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRREp6NGlxb3FLK1JrN08KUThmS21hN3ZDUHFDMm00QURuNXZGRlFrSE5uVjdpcWFvQU9aa2Z3dzQ3YVFmMU5acWg3VUppb0RzdUE0eVlqMQpVWkswLzhQNE9TUEpwMWhNL2FjbUxvSlk5S1lOaXlzd25qSTZaMWluc3UybTdtQm9JODdzcUZhZkxMc1dlbmtmCnJ3Ym1zbTJNR2NZcUlpREJLV3gvMHVBVWNvbVZyMGRlS3ZFRURmSHRrMzl2M0tBSXEvQXRmbnZlS0xtYzlQQWUKdGFyalVvNVlWc0FsMmlOZDF0czlmVVoxVGZxQWZqc2diT2lGaEMybDY3ekpTNlZhWS9oVkJXM0hJODJLZEpOWAo5d2ZudlUzcEppWGl5aXRrL3RZMG50eXhIL0pCdFYzcE5Qd2FBS3pqM2xEM2tyZTFBdUxvOVdDV0FJY1NVUWhTCkNsSmZIVDRsQWdNQkFBRUNnZ0VCQUx5aVdmSjFObjE0Sm0weWVldHNIMUdiS04xcTRtcjNJVU1lMDA4MkVIK2cKc1AzN0Y2SlNERkorWnNWRjNsanZaUVdUN3EycVkxOXhNYTFzWkI3Kyt1Um9OSVZuQUdobXAvaE9mTlE5U1lGYgpWakdKalJWK1NDWG9YNjhySGIzNXlvNzNBcENpTlBYYjRKKzI4Rkp1OFdxRkpPOTVHdml5aVpJcFAvNmMyUEdwClRMVUx2OWdTOFNwd0I2aUtkQ0lZUnNBdHI1TUhRNjFDcGM4MUxsMGYrUzRlVmw0QXlMbUI3eC9oMVBoWTNScTgKU2E0N0w0VEpEclJCbmdZMzh5YjE0VHFvdWZERkpaK3lDMjJlOWx1VXArMWxMVjE2MXR2YWNxdElZV0dlTzNZNgpFNm9uZmZUcTFRdXZvbzhzdklEcFdmSzQ4TjNtYm5xN09lMk1BNzdoajRFQ2dZRUExQ29icFptSTdwczV5cVl5Ck1LL2JtSXhBUU5yQnVjVWtzSXExcE5PV2JCa28yVFZ6dG1PTWcrSTMxUlJEZXZ3WlZBa1ZoZmpXV1ZWR3NDbnMKWjI4eG1Pd2I3TXNYSi9ycFJyOHZyQWdpQURvbHNjK2dwbnRYVGpaZy9OWk5rOEVRbGFEMTJHb0lqZEdXc05pcAptWEJOU05TcTU4d2c1d1o1N2l3eDVqNGN6UEVDZ1lFQTg0SEp3R1dOTlFOY2grVGhGZkFwRTU0L3d0Wnd6eEFoCkFoUnprM3FtYzV6SW1abW5yc0V4aWtaWTBsMlpJWmxWYmgwdUZyTXcwY3N5dFoyUkdidVZzeEJPNUxMZXFLcVoKeFU1RjZLbkxBM1NHSVNzT254WmRZRVNydzR2QmZWbXVJSTBTR09Edm5Pem1TVDVNVnFkUGRsK0krOVRpVXNFTgpvc3lsNkxYODFIVUNnWUJDVzlFOTRHRzF6NU1wMFFXTnVOTkVTVW1uZ
jBSc2FEN3JnTmNEY0xKeHFRVGZ1eG93CkI3N2hXUllCYlU4VjNsZkZzdm1xWjRRVGVOcWRLdCtvRWwwKzZVcHFxN0xZYkdBZUlwbzBnbTZ3QjMvV3Q0d1YKeGlvdWFrKzNoUWZLbU80by9xa21RVFBmdDVnY1JBZjMxK28wUjJBVkZBR09nTFlPU29CbzlUQm80UUtCZ0NlZQplMXZ4YWVzeE05SHNmRzdjVjJLWXdka0ttT29udnFjZStyc0pIcUg2NVd5UVlvYjlhZmtNZnhFakozSWZCNVpWCjZ4VEliTzRGZUtleURsUzRmNS9WekhCTFpnemRUUTJjTWFXc1VwcXFUOVIvcys1UWJqcm1rV2ZNaWx2QnhxSUgKTWVXWVc0UVZ5MVlwYTdSQm5wMHM2QlhKU2xXYWtZUm1kYXdLU0N1dEFvR0JBTXM0SkFUTlNOTFJhU3JmaENwRgpIRVZxNGNUL2dBUWNiNTRHaG10STBxa1Rzek1NL1UwTElRaWZBWk9ZM3djM2VYUUc4YkRGUmR4VXpPL2RyM3A3CnhqNVlQZWpGSUxlRG9wekx2Y0o5RldBQlVBMXVXUFk0eVE2elZVNVNZVkd1eVh5OWJNcGNIeUdHNysyRHhlaWcKVEh3L2prblRGZkRybUNydjNJc0hrZmoxCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + truststore.jks: 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 +--- +apiVersion: v1 +kind: Secret +metadata: + name: rest-sslcerts +type: kubernetes.io/tls +data: + ca.crt: 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 + csr.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2lEQ0NBWEFDQVFBd1F6RUxNQWtHQTFVRUJoTUNRMGd4RGpBTUJnTlZCQW9NQlVSMVpuSjVNUlV3RXdZRApWUVFMREF4SmJuTnBaMmgwY3lCUVQwTXhEVEFMQmdOVkJBTU1CSEpsYzNRd2dnRWlNQTBHQ1NxR1NJYjNEUUVCCkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDdWpiK1drYjlNTGxtQnpRbTVTZ1hBeTVrNmRPNjM5bHlZSUl3K1c1TUgKTEZUQ2diN3lSQUhOY2N3a0RsaG9oVFJpY0tYc0Q3cHBzNEJtK2hsNlVta0FuZDR4NzJ6OC82dXNkMENnT1hlTwowZG04SmFxdWQrVW11cnk3Y0U1VEtTaElGL2tacmEzMFlEemRVSjhFNTFPR29NYk9lZlZRMlMwQlVTeHRRTmFLCm1aYnRoNWRQbUJEckcwamFycDhDZDRZY1BpdHRjSTNiNFdXRXZ1WHpCa2hmN21TRUpSdnBRUkI3YTgvdldMTVoKL0FoblpFRnh0UDEvSHZpckJYa0ZUNXd6MEhuY3NXcGtwd2JWbDJhYVRST0JzMTJUUGJJOXRpMnU2MnJGRHJlYgppRkZERlVVWFVjRitrYXAwRUtSYVNHRHZpai9CZkdkVHZUMFd0N1lGekE5cEFnTUJBQUdnQURBTkJna3Foa2lHCjl3MEJBUXNGQUFPQ0FRRUFrOHRIQXpXY3ZTaFFJRGN3b3pzSHNpYThkNlZnNlJrbG5hbEt0SFgzY0FqRitvOWkKMnU5aWczbVFDRGVGUEpmdDlmSnlLM1gwUDUzSU9TM3VWWDRnRmpkTnU2aVNRY3ZKOXVnbWZ6cUZybWNheEg1ZgozVlZQZm9WdUpEaVpxc0FlZTJJNWhhMzEwMUNsTWdiU3A2YmZBSVNMQ0xoUiswaHVaNnYzQ0FFN2dsUHNZMnhFCjFOSE9ka1dDYm5NcU5Ib3ZWOCt6WlhEYUt3RXQxanVUe
W0zMEp2VjluL1hTWGVMQVF4ZkpyMTBkWEkvc00rbzQKTWJNOW5WZzh4cVkwdit0b3NwbEwvbjdNWkNENTRIaXpsbW1KbHpRZDVSUElGaGc4UWZVd0ZHejZydzJKSWE4dQpYeGcwVURDaS8ybHlMUkR0S0QzMUVqWWhud0EzQVMyM0JMbkJ4dz09Ci0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo= + jksPassword.txt: amtzUGFzc3dvcmQ9Y2hhbmdlaXQKCg== + keystore.jks: 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 + tls.crt: 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 + tls.key: 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 + truststore.jks: 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 +--- +apiVersion: v1 +kind: Secret +metadata: + name: zookeeper-generated-jks +type: kubernetes.io/tls +data: + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZDRENDQXZBQ0NRREFLVFdwRUFpSXhUQU5CZ2txaGtpRzl3MEJBUXNGQURCR01Rc3dDUVlEVlFRR0V3SkQKU0RFT01Bd0dBMVVFQ2d3RlJIVm1jbmt4RlRBVEJnTlZCQXNNREVsdWMybG5hSFJ6SUZCUFF6RVFNQTRHQTFVRQpBd3dIVW05dmRDQkRRVEFlRncweU1UQTBNVGt5TVRFMU5USmFGdzB5TkRBeU1EY3lNVEUxTlRKYU1FWXhDekFKCkJnTlZCQVlUQWtOSU1RNHdEQVlEVlFRS0RBVkVkV1p5ZVRFVk1CTUdBMVVFQ3d3TVNXNXphV2RvZEhNZ1VFOUQKTVJBd0RnWURWUVFEREFkU2IyOTBJRU5CTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQwpBZ0VBdXNsQ1pYalNtVlpRY0puQzFaR1hTWkdwanhHSjh0cnBpdUY2WTJIZ2FXa3RQc1AzdUUzR1Z6anZ0QUpuCno3MGNwYjRwT1pFSzN1M1crTnVRTHcrWGxEaTVYSHlEdVNjTEl5R3YxSjFZbWVTUlZBUTRqQ1hoQmlxTlFxeSsKMVlhQUpwbDJJbnNLMUZ3bFdpQzRab0h3ZnlCc1Y2NVBIOHZpQTJIY3JQQmFoTFNzY0JnWUo0a01wQkZqWGM2ZQpFeVpXRk82ZVlOLzNHYjhLbVQzVmhnQmREeGZybFhycEp3RGpBdVdXV2FaMWd4c05iZTRkMkJNWFJjakFHd1R6Ck9idEJxRUNycWJLTnR6S1ZMTmtDbzVWTzJTZElXbWk5eDlvRCtlcHB1UE92TW9ybk5kMzJiOEtXeFBMdWNQMVoKY2hocmN3R09XU1lFa2hOckxEaHBYK3RLVUZNNGQ2RUdkRXY0eUE0Z0l4NEpONE12QmE2b25NNUhVbVhHbXZyMApPa0JuYnNpL1prNzdjL2ptRGtMNTNuL2pHMVY1QlIza0xudDA0aDR4aHlpSzZJVE5tTlI1SE5TZGx6aEtUL3FkCm5lcUlZb0FWSVF2SEMvd1VBM0IrQjN1dXJodHI5YTZjTFl2eWE5V0JBTkpnUURMY1NYRGE2ekJsdmFQejdYdFIKT2FNS2tZNFU2RkNuMHI3YTEycjE1NENZV3dqeGtZTjRyN2VieHc5d2dWYTBHa1JGc01HVkVaL3ZDaUI0cTNMSAp2dEF1NG1SWUJiMXNyTVoxNWZVVG4wRFFuNVJMNjVGd1RwdDFCUmZpVUhoWHVOV1JEemRxeW9S
Y2loUDI1WVRXClBjeVc0QVpHRnN0VENaSG9LL3NTUzYrL0U3elZsdnQzWktycHlYaE5OSTNRRzNzQ0F3RUFBVEFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQWdFQWVPb1Z3QVhBa28rWERkUmVQb3V2TmRIUkdGTkVxNjdILzBGOXlDQ21zNWQ3aU1XMQpYNWRhMzd1a1llM1RDV01ZRlA2SjJIR0JkYkw4SVpwbnJvNHMySVBIMkV6MFZnYVk5NU42aUJrWkVkQ2xQc2hHCktjcmxFa2dlQ0E1Z0ErSUsyOHBsOU9YSnRmMlU0REdMMExBR0R1bjg3K3dQTHVEUlZrcDRTZEV6VllHUnh5NVkKMElpdW9ZaXB6cGoxQUo3RTlnM3Vsd0drV250Mk5wLzdwYU53QW1FRDNnL0lISWR5dzNmeVZiSEpnUGpzRnNSbgp1TEpnaHdLczk1V1A5MmZhZ0pZbnVvajZSVG80Ym82ejZ6MXdZdlF6eXp4VDFtcGdUaG0wRnlxU09leXVKK2YrCnRjdEpibmM2YWZNdGVsb0RLSkJmQVBORE43Y3VROGFnYWo3UmNxa0tLbmRPUE9xeFovRzZUeXFSMU1EUWc1bUIKbGJXVjdlam9CQVF3aG5vNnI4Zk5SZWpWVm1rRVo3RitCTEdTV0oyeFBHd0djRUh1b0R2dEFqU29WbHJFTFNSVgpqT0tVTUZ3aVQ5ZzdXQXJsZGtYV1ladzduemZpZnZvM0toTGpZbU9XWktoems0KzhObnlhc2xJNWpDVGV2MHdCCkVCSjVYd2o4bWU4L3hLM011L1ZRanpJR081YkhUY1RmWE9DWmNkUVRRSTY1ZkE4eURpZFc3WlAyRG40eU1rNG0KcklqR3h1M3FqOWRheEtodnZDQU9oYnh5VFpmQ2JjaTFiV0VVNW9jaFR1N2NzQlg0TWxZbGhZcHppdHNmeW5keQpGYUw5V2pYOHVwNHk5MFB4T08zU0NsdDBsbHRmeS9OWEhDWlpqNTZjbUtwNkZjdGNsUG9pcHRUSVJxST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + csr.pem: 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 + jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk + keystore.jks: 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 + tls.crt: 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 + tls.key: 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 + truststore.jks: 
/u3+7QAAAAIAAAABAAAAAgACY2EAAAF5EqeFjwAEWDUwOQAABQwwggUIMIIC8AIJAMApNakQCIjFMA0GCSqGSIb3DQEBCwUAMEYxCzAJBgNVBAYTAkNIMQ4wDAYDVQQKDAVEdWZyeTEVMBMGA1UECwwMSW5zaWdodHMgUE9DMRAwDgYDVQQDDAdSb290IENBMB4XDTIxMDQxOTIxMTU1MloXDTI0MDIwNzIxMTU1MlowRjELMAkGA1UEBhMCQ0gxDjAMBgNVBAoMBUR1ZnJ5MRUwEwYDVQQLDAxJbnNpZ2h0cyBQT0MxEDAOBgNVBAMMB1Jvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6yUJleNKZVlBwmcLVkZdJkamPEYny2umK4XpjYeBpaS0+w/e4TcZXOO+0AmfPvRylvik5kQre7db425AvD5eUOLlcfIO5JwsjIa/UnViZ5JFUBDiMJeEGKo1CrL7VhoAmmXYiewrUXCVaILhmgfB/IGxXrk8fy+IDYdys8FqEtKxwGBgniQykEWNdzp4TJlYU7p5g3/cZvwqZPdWGAF0PF+uVeuknAOMC5ZZZpnWDGw1t7h3YExdFyMAbBPM5u0GoQKupso23MpUs2QKjlU7ZJ0haaL3H2gP56mm4868yiuc13fZvwpbE8u5w/VlyGGtzAY5ZJgSSE2ssOGlf60pQUzh3oQZ0S/jIDiAjHgk3gy8FrqiczkdSZcaa+vQ6QGduyL9mTvtz+OYOQvnef+MbVXkFHeQue3TiHjGHKIrohM2Y1Hkc1J2XOEpP+p2d6ohigBUhC8cL/BQDcH4He66uG2v1rpwti/Jr1YEA0mBAMtxJcNrrMGW9o/Pte1E5owqRjhToUKfSvtrXavXngJhbCPGRg3ivt5vHD3CBVrQaREWwwZURn+8KIHircse+0C7iZFgFvWysxnXl9ROfQNCflEvrkXBOm3UFF+JQeFe41ZEPN2rKhFyKE/blhNY9zJbgBkYWy1MJkegr+xJLr78TvNWW+3dkqunJeE00jdAbewIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQB46hXABcCSj5cN1F4+i6810dEYU0Srrsf/QX3IIKazl3uIxbVfl1rfu6Rh7dMJYxgU/onYcYF1svwhmmeujizYg8fYTPRWBpj3k3qIGRkR0KU+yEYpyuUSSB4IDmAD4grbymX05cm1/ZTgMYvQsAYO6fzv7A8u4NFWSnhJ0TNVgZHHLljQiK6hiKnOmPUAnsT2De6XAaRae3Y2n/ulo3ACYQPeD8gch3LDd/JVscmA+OwWxGe4smCHAqz3lY/3Z9qAlie6iPpFOjhujrPrPXBi9DPLPFPWamBOGbQXKpI57K4n5/61y0ludzpp8y16WgMokF8A80M3ty5DxqBqPtFyqQoqd0486rFn8bpPKpHUwNCDmYGVtZXt6OgEBDCGejqvx81F6NVWaQRnsX4EsZJYnbE8bAZwQe6gO+0CNKhWWsQtJFWM4pQwXCJP2DtYCuV2RdZhnDufN+J++jcqEuNiY5ZkqHOTj7w2fJqyUjmMJN6/TAEQEnlfCPyZ7z/Ercy79VCPMgY7lsdNxN9c4Jlx1BNAjrl8DzIOJ1btk/YOfjIyTiasiMbG7eqP11rEqG+8IA6FvHJNl8JtyLVtYRTmhyFO7tywFfgyViWFinOK2x/Kd3IVov1aNfy6njL3Q/E47dIKW3SWW1/L81ccJlmPnpyYqnoVy1yU+iKm1MhGonq6PS2Q0EZUlgvokUMUzxA3ONO3 +--- \ No newline at end of file 
diff --git a/kustomize/base/confluent-suite/zookeeper/kustomization.yaml b/kustomize/base/confluent-suite/zookeeper/kustomization.yaml new file mode 100644 index 0000000..672d237 --- /dev/null +++ b/kustomize/base/confluent-suite/zookeeper/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - certificates.yaml + - zookeeper.yaml \ No newline at end of file diff --git a/kustomize/base/confluent-suite/zookeeper/zookeeper.yaml b/kustomize/base/confluent-suite/zookeeper/zookeeper.yaml new file mode 100644 index 0000000..fbe052f --- /dev/null +++ b/kustomize/base/confluent-suite/zookeeper/zookeeper.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: Zookeeper +metadata: + name: zookeeper +spec: + replicas: 3 + image: + application: confluentinc/cp-zookeeper-operator:6.1.1.0 + init: confluentinc/cp-init-container-operator:6.1.1.0 + dataVolumeCapacity: 10Gi + logVolumeCapacity: 10Gi + authentication: + type: digest + jaasConfig: + secretRef: credential + tls: + autoGeneratedCerts: true \ No newline at end of file From e92d5036897c57ef1a71c64496d4c9e226ead59c Mon Sep 17 00:00:00 2001 
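Review bot: Listing `certificates.yaml` under `resources:` means private key material and keystore passwords are stored in Git. The Secret `zookeeper-generated-jks` shown just above this file carries `tls.key`, `keystore.jks` and `jksPassword.txt` in its `data:` block, and base64 is an encoding, not encryption. That Secret presumably comes from `certificates.yaml`, whose file header is outside this view; if so, anyone who can read the repository or its history can recover the key. Keep the manifest out of the base and deliver the Secret encrypted instead (Flux can decrypt SOPS-encrypted Secrets; Sealed Secrets is another option). Treat the committed key and passwords as exposed and reissue them rather than only deleting the file.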
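Review bot: `application:` and `init:` in `zookeeper.yaml` reference their images by mutable tag (`:6.1.1.0`), so the content that runs can change without any change in Git. Pinning by digest, e.g. `confluentinc/cp-zookeeper-operator:6.1.1.0@sha256:<digest>`, keeps the deployment reproducible and reviewable. Separately, `tls.autoGeneratedCerts: true` asks the operator to issue certificates while the same directory ships a static Secret named `zookeeper-generated-jks`. If that is the name the operator writes to (not confirmable from this hunk), the two sources will conflict, so pick one. `jaasConfig.secretRef: credential` names a Secret this kustomization does not list; confirm it exists before the resource is applied.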
From: Andrew McCully Date: Wed, 19 May 2021 14:51:06 +0100 Subject: [PATCH 46/46] move to GA confluent operator --- MANUAL_PROCESS.md | 11 +++++--- .../confluent-operator-credentials.yaml | 4 +-- .../confluent-operator-helm-release-dev.yaml | 2 +- ...uent-operator-helm-release-production.yaml | 2 +- ...nfluent-operator-helm-release-staging.yaml | 2 +- kustomize/infrastructure/kustomization.yaml | 2 +- kustomize/infrastructure/namespace.yaml | 4 --- kustomize/infrastructure/namespaces.yaml | 19 ++++++++++++++ resources/application-secrets/README.md | 2 ++ resources/confluent-helm/sensitive_secrets.sh | 25 ------------------- resources/git/git_repo.sh | 5 ++-- 11 files changed, 35 insertions(+), 43 deletions(-) delete mode 100644 kustomize/infrastructure/namespace.yaml create mode 100644 kustomize/infrastructure/namespaces.yaml create mode 100644 resources/application-secrets/README.md delete mode 100755 resources/confluent-helm/sensitive_secrets.sh diff --git a/MANUAL_PROCESS.md b/MANUAL_PROCESS.md index b1ef625..ba07cab 100644 --- a/MANUAL_PROCESS.md +++ b/MANUAL_PROCESS.md @@ -8,10 +8,13 @@ * Add identity.pub to 'deploy keys' in github * run git_repo.sh -## Deploy confluent-helm chart secrets -* Navigate to ./resources/confluent-helm -* Set ENV Vars -* run `senstive_secrets.sh` +[comment]: <> (## Deploy confluent-helm chart secrets) + +[comment]: <> (* Navigate to ./resources/confluent-helm) + +[comment]: <> (* Set ENV Vars) + +[comment]: <> (* run `senstive_secrets.sh`) ## Deploy Flux Sync * Navigate to ./flux-system diff --git a/kustomize/infrastructure/confluent-operator-credentials.yaml b/kustomize/infrastructure/confluent-operator-credentials.yaml index 2ffeb32..c366c6e 100644 --- a/kustomize/infrastructure/confluent-operator-credentials.yaml +++ b/kustomize/infrastructure/confluent-operator-credentials.yaml 
@@ -4,7 +4,5 @@ metadata: name: confluent-private namespace: flux-system spec: - url: https://confluent.jfrog.io/confluent/helm-early-access-operator-2 - secretRef: - name: https-credentials + url: https://packages.confluent.io/helm interval: 1m diff --git a/kustomize/infrastructure/confluent-operator-helm-release-dev.yaml b/kustomize/infrastructure/confluent-operator-helm-release-dev.yaml index 76b31ec..de8b74f 100644 --- a/kustomize/infrastructure/confluent-operator-helm-release-dev.yaml +++ b/kustomize/infrastructure/confluent-operator-helm-release-dev.yaml @@ -14,4 +14,4 @@ spec: namespace: flux-system values: image: - registry: confluent-docker-internal-early-access-operator-2.jfrog.io \ No newline at end of file + registry: docker.io \ No newline at end of file diff --git a/kustomize/infrastructure/confluent-operator-helm-release-production.yaml b/kustomize/infrastructure/confluent-operator-helm-release-production.yaml index 6528066..d8336cb 100644 --- a/kustomize/infrastructure/confluent-operator-helm-release-production.yaml +++ b/kustomize/infrastructure/confluent-operator-helm-release-production.yaml @@ -14,4 +14,4 @@ spec: namespace: flux-system values: image: - registry: confluent-docker-internal-early-access-operator-2.jfrog.io \ No newline at end of file + registry: docker.io \ No newline at end of file diff --git a/kustomize/infrastructure/confluent-operator-helm-release-staging.yaml b/kustomize/infrastructure/confluent-operator-helm-release-staging.yaml index a26230c..9f3302c 100644 --- a/kustomize/infrastructure/confluent-operator-helm-release-staging.yaml +++ b/kustomize/infrastructure/confluent-operator-helm-release-staging.yaml @@ -14,4 +14,4 @@ spec: namespace: flux-system values: image: - registry: confluent-docker-internal-early-access-operator-2.jfrog.io \ No newline at end of file + registry: docker.io \ No newline at end of file 
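Review bot: Removing `secretRef: https-credentials` leaves the `https-credentials` Secret orphaned in `flux-system`. It was created out of band by `resources/confluent-helm/sensitive_secrets.sh`, which this commit deletes, so nothing in the repository removes it from clusters where it already exists. Add a cleanup step to `MANUAL_PROCESS.md`, for example `kubectl delete secret -n flux-system https-credentials`, and revoke the API key it held if the early-access repository is no longer used. The context lines still name the HelmRepository `confluent-private` although it now points at the public `https://packages.confluent.io/helm`. Renaming it would avoid implying that credentials are involved, but the `sourceRef` in the HelmRelease files (outside this hunk) would have to follow.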
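Review bot: With `registry: docker.io` in the `-dev` HelmRelease, and identically in the `-production` and `-staging` hunks that follow, the `confluent-registry` pull secrets for the JFrog registry are no longer needed but remain in the cluster. The deleted `sensitive_secrets.sh` created them in `dev`, `staging` and `production`. Remove them with `kubectl delete secret confluent-registry -n dev` (likewise for the other two namespaces) and check that no `imagePullSecrets` entry elsewhere still refers to them. The same override is repeated in three files; if `docker.io` is the chart default (not visible here), the `values.image.registry` block could be dropped instead. Each HelmRelease document starts outside its hunk.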
diff --git a/kustomize/infrastructure/kustomization.yaml b/kustomize/infrastructure/kustomization.yaml index 0aa4abd..4f8b62d 100644 --- a/kustomize/infrastructure/kustomization.yaml +++ b/kustomize/infrastructure/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - namespace.yaml + - namespaces.yaml - proxy.yaml - ldap.yaml - confluent-operator-credentials.yaml diff --git a/kustomize/infrastructure/namespace.yaml b/kustomize/infrastructure/namespace.yaml deleted file mode 100644 index 11152f6..0000000 --- a/kustomize/infrastructure/namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: tools \ No newline at end of file diff --git a/kustomize/infrastructure/namespaces.yaml b/kustomize/infrastructure/namespaces.yaml new file mode 100644 index 0000000..acdfcd1 --- /dev/null +++ b/kustomize/infrastructure/namespaces.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: tools +--- +apiVersion: v1 +kind: Namespace +metadata: + name: dev +--- +apiVersion: v1 +kind: Namespace +metadata: + name: staging +--- +apiVersion: v1 +kind: Namespace +metadata: + name: production \ No newline at end of file diff --git a/resources/application-secrets/README.md b/resources/application-secrets/README.md new file mode 100644 index 0000000..a5a8d30 --- /dev/null +++ b/resources/application-secrets/README.md @@ -0,0 +1,2 @@ +### Application Secrets +The script populate_secrets.sh \ No newline at end of file diff --git a/resources/confluent-helm/sensitive_secrets.sh b/resources/confluent-helm/sensitive_secrets.sh deleted file mode 100755 index 5cb6c64..0000000 --- a/resources/confluent-helm/sensitive_secrets.sh +++ /dev/null 
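Review bot: In `namespaces.yaml`, `dev`, `staging` and `production` are created as bare namespaces with no labels. If they share a cluster, as the single manifest suggests, nothing here lets a policy tell production apart from the other two. Give each namespace labels that policies can select on, for instance `environment: production` (an example key) and `pod-security.kubernetes.io/enforce: baseline`; the latter needs a cluster version with Pod Security admission. Pair the labels with a default-deny NetworkPolicy and a ResourceQuota per namespace. These namespaces were previously created by hand with `kubectl create namespace`; once Flux owns them, deleting an entry from this file with pruning enabled removes the namespace and everything in it.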
@@ -1,25 +0,0 @@ -#!/bin/bash -kubectl create namespace dev --dry-run=client --output=yaml > ./sensitive-ns-dev.yaml -kubectl create namespace staging --dry-run=client --output=yaml > ./sensitive-ns-staging.yaml -kubectl create namespace production --dry-run=client --output=yaml > ./sensitive-ns-production.yaml -kubectl create namespace flux-system --dry-run=client --output=yaml > ./sensitive-ns-flux-system.yaml -kubectl create secret docker-registry confluent-registry -n dev \ - --docker-server=confluent-docker-internal-early-access-operator-2.jfrog.io \ - --docker-username=$USER \ - --docker-password=$APIKEY \ - --docker-email=$EMAIL --dry-run=client --output=yaml > ./sensitive-docker-registry-dev.yaml && \ -kubectl create secret docker-registry confluent-registry -n staging \ - --docker-server=confluent-docker-internal-early-access-operator-2.jfrog.io \ - --docker-username=$USER \ - --docker-password=$APIKEY \ - --docker-email=$EMAIL --dry-run=client --output=yaml > ./sensitive-docker-registry-staging.yaml && \ -kubectl create secret docker-registry confluent-registry -n production \ - --docker-server=confluent-docker-internal-early-access-operator-2.jfrog.io \ - --docker-username=$USER \ - --docker-password=$APIKEY \ - --docker-email=$EMAIL --dry-run=client --output=yaml > ./sensitive-docker-registry-production.yaml && \ -kubectl create secret -n flux-system generic https-credentials \ ---from-literal=username=$USER \ ---from-literal=password=$APIKEY \ ---dry-run=client --output=yaml > ./sensitive-https-credential.yaml -kubectl apply -f . \ No newline at end of file diff --git a/resources/git/git_repo.sh b/resources/git/git_repo.sh index 00b5a5b..fa0c801 100755 --- a/resources/git/git_repo.sh +++ b/resources/git/git_repo.sh 
@@ -1,7 +1,6 @@ #!/bin/bash +kubectl create ns flux-system && kubectl create secret -n flux-system generic flux-system \ --from-file=identity=./identity \ --from-file=identity.pub=./identity.pub \ ---from-file=known_hosts=./known_hosts \ ---dry-run=client --output=yaml > ./sensitive-git-flux-secrets.yaml -kubectl apply -f sensitive-git-flux-secrets.yaml \ No newline at end of file +--from-file=known_hosts=./known_hosts \ No newline at end of file
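Review bot: The rewritten script can no longer be re-run. `kubectl create ns flux-system &&` fails when the namespace already exists, which skips the secret creation, and `kubectl create secret` fails on its own if the Secret is already present. Dropping `> ./sensitive-git-flux-secrets.yaml` is a sound change because the SSH private key is no longer written to a manifest on disk. Piping keeps that property and restores idempotency: use `kubectl create ns flux-system --dry-run=client --output=yaml | kubectl apply -f -` and end the secret command with `--dry-run=client --output=yaml | kubectl apply -f -`. Copies of `sensitive-git-flux-secrets.yaml` left by earlier runs still contain the key and should be deleted, and `set -euo pipefail` after the shebang would make a failed step stop the script.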