From fdfcf0ffbd2f85a5c2dc58c0be4323b59d81680e Mon Sep 17 00:00:00 2001 
From: Andrew McCully Date: Mon, 24 May 2021 13:38:47 +0100 Subject: [PATCH] removing helm dependency from deployment --- kustom.yaml | 32 - kustomization.yaml | 4 - kustomize/base/confluent/control-centre.yaml | 26 + kustomize/base/confluent/kafka.yaml | 43 +- kustomize/base/kustomization.yaml | 1 + .../base/operator/crds/kustomization.yaml | 13 + ...rm.confluent.io_confluentrolebindings.yaml | 249 + .../crds/platform.confluent.io_connects.yaml | 3103 ++++++++++ .../platform.confluent.io_controlcenters.yaml | 3032 ++++++++++ ...latform.confluent.io_kafkarestclasses.yaml | 361 ++ .../crds/platform.confluent.io_kafkas.yaml | 4981 +++++++++++++++++ .../platform.confluent.io_kafkatopics.yaml | 287 + .../crds/platform.confluent.io_ksqldbs.yaml | 2719 +++++++++ .../platform.confluent.io_migrationjobs.yaml | 669 +++ ...latform.confluent.io_schemaregistries.yaml | 2333 ++++++++ .../platform.confluent.io_zookeepers.yaml | 1551 +++++ kustomize/base/operator/kustomization.yaml | 5 + .../base/operator/resources/clusterrole.yaml | 116 + .../resources/clusterrolebinding.yaml | 19 + .../base/operator/resources/deployment.yaml | 95 + .../operator/resources/kustomization.yaml | 8 + .../base/operator/resources/service.yaml | 22 + .../operator/resources/serviceaccount.yaml | 14 + kustomize/base/secrets/c3-mds-client.yaml | 1 + kustomize/base/secrets/confluent-license.yaml | 7 + .../base/secrets/connect-mds-client.yaml | 1 - kustomize/base/secrets/kustomization.yaml | 1 + .../production/control-centre.yaml | 10 +- .../production/schema-registry.yaml | 4 + ...luent-operator-helm-release-confluent.yaml | 19 + ...uent-operator-helm-release-production.yaml | 6 +- kustomize/infrastructure/kustomization.yaml | 7 +- .../licensing/license-key.txt | 1 + .../licensing/license-pem.txt | 9 + .../application-secrets/populate_secrets.sh | 9 +- 35 files changed, 19692 insertions(+), 66 deletions(-) delete mode 100644 kustom.yaml delete mode 100644 kustomization.yaml create mode 100644 
kustomize/base/operator/crds/kustomization.yaml create mode 100644 kustomize/base/operator/crds/platform.confluent.io_confluentrolebindings.yaml create mode 100644 kustomize/base/operator/crds/platform.confluent.io_connects.yaml create mode 100644 kustomize/base/operator/crds/platform.confluent.io_controlcenters.yaml create mode 100644 kustomize/base/operator/crds/platform.confluent.io_kafkarestclasses.yaml create mode 100644 kustomize/base/operator/crds/platform.confluent.io_kafkas.yaml create mode 100644 kustomize/base/operator/crds/platform.confluent.io_kafkatopics.yaml create mode 100644 kustomize/base/operator/crds/platform.confluent.io_ksqldbs.yaml create mode 100644 kustomize/base/operator/crds/platform.confluent.io_migrationjobs.yaml create mode 100644 kustomize/base/operator/crds/platform.confluent.io_schemaregistries.yaml create mode 100644 kustomize/base/operator/crds/platform.confluent.io_zookeepers.yaml create mode 100644 kustomize/base/operator/kustomization.yaml create mode 100644 kustomize/base/operator/resources/clusterrole.yaml create mode 100644 kustomize/base/operator/resources/clusterrolebinding.yaml create mode 100644 kustomize/base/operator/resources/deployment.yaml create mode 100644 kustomize/base/operator/resources/kustomization.yaml create mode 100644 kustomize/base/operator/resources/service.yaml create mode 100644 kustomize/base/operator/resources/serviceaccount.yaml create mode 100644 kustomize/base/secrets/confluent-license.yaml create mode 100644 kustomize/infrastructure/confluent-operator-helm-release-confluent.yaml create mode 100644 resources/application-secrets/licensing/license-key.txt create mode 100644 resources/application-secrets/licensing/license-pem.txt diff --git a/kustom.yaml b/kustom.yaml deleted file mode 100644 index 283e1ef..0000000 --- a/kustom.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 -kind: Kustomization -metadata: - name: shared - namespace: flux-system -spec: - interval: 5m - path: "./shared" - prune: true - sourceRef: - kind: GitRepository - name: flux-system - healthChecks: - - apiVersion: apps/v1 - kind: Deployment - name: cert-manager - namespace: cert-manager ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 -kind: Kustomization -metadata: - name: certs - namespace: flux-system -spec: - dependsOn: - - name: shared - interval: 5m - path: "./environments" - prune: true - sourceRef: - kind: GitRepository - name: flux-system \ No newline at end of file diff --git a/kustomization.yaml b/kustomization.yaml deleted file mode 100644 index 609d5bb..0000000 --- a/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -resources: -- shared -#- environments - diff --git a/kustomize/base/confluent/control-centre.yaml b/kustomize/base/confluent/control-centre.yaml index d708c6a..1f21341 100644 --- a/kustomize/base/confluent/control-centre.yaml +++ b/kustomize/base/confluent/control-centre.yaml @@ -41,3 +41,29 @@ spec: secretRef: c3-mds-client tls: enabled: true + connect: + - name: connect + url: https://connect.confluent.svc.cluster.local:8083 + authentication: + type: basic + basic: + secretRef: c3-mds-client + tls: + enabled: true + ksqldb: + - name: ksqldb + url: https://ksqldb.confluent.svc.cluster.local:8088 + authentication: + type: basic + basic: + secretRef: c3-mds-client + tls: + enabled: true + schemaRegistry: + url: https://schemaregistry.confluent.svc.cluster.local:8081 + authentication: + type: basic + basic: + secretRef: c3-mds-client + tls: + enabled: true diff --git a/kustomize/base/confluent/kafka.yaml b/kustomize/base/confluent/kafka.yaml index acc4591..c929437 100644 --- a/kustomize/base/confluent/kafka.yaml +++ b/kustomize/base/confluent/kafka.yaml 
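Review bot: The Schema Registry endpoint added here, `url: https://schemaregistry.confluent.svc.cluster.local:8081`, does not match the one the kafka.yaml hunk in this same commit adds to the broker config (`confluent.schema.registry.url=registry.production.svc.cluster.local:8081`, different host, namespace `production`, and no scheme), so unless two registries really exist one of the two references is wrong and should be aligned. The three new dependencies (connect, ksqldb, schemaRegistry) all present the same `c3-mds-client` basic credential, and the diffstat shows `connect-mds-client.yaml` being removed, so a single credential now authenticates Control Center to every backend; that is workable but worth a comment such as `# one MDS client credential shared by all C3 dependencies` so the scope of that secret is explicit. The enclosing `dependencies:` mapping starts outside the hunk, so whether a TLS truststore reference is configured above cannot be confirmed from here.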
@@ -59,30 +59,27 @@ spec: configOverrides: server: # the LDAP lookup is set by default to ONE_LEVEL - - ldap.user.search.scope=2 - - ldap.search.mode=GROUPS - +# - ldap.user.search.scope=2 +# - ldap.search.mode=GROUPS + - confluent.schema.registry.url=registry.production.svc.cluster.local:8081 # Overwrite the default settings on the INTERNAL listener - - listener.name.internal.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER - - listener.name.internal.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required; - - listener.name.internal.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - - listener.name.internal.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/mds-token/mdsPublicKey.pem"; - - listener.name.internal.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler - - listener.name.internal.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler - - # Overwrite the default settings on the EXTERNAL listener - - listener.name.external.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER - - listener.name.external.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required; - - listener.name.external.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - - listener.name.external.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/mds-token/mdsPublicKey.pem"; - - listener.name.external.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler - - 
listener.name.external.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler - - # Overwrite the default settings on the REPLICATION listener - - listener.name.replication.sasl.enabled.mechanisms=PLAIN - - listener.name.replication.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="${file:/mnt/secrets/credential/plain.txt:username}" password="${file:/mnt/secrets/credential/plain.txt:password}"; - - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - +# - listener.name.internal.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER +# - listener.name.internal.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required; +# - listener.name.internal.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler +# - listener.name.internal.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/mds-token/mdsPublicKey.pem"; +# - listener.name.internal.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler +# - listener.name.internal.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler +# # Overwrite the default settings on the EXTERNAL listener +# - listener.name.external.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER +# - listener.name.external.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required; +# - listener.name.external.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler +# - 
listener.name.external.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/mds-token/mdsPublicKey.pem"; +# - listener.name.external.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler +# - listener.name.external.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler +# # Overwrite the default settings on the REPLICATION listener +# - listener.name.replication.sasl.enabled.mechanisms=PLAIN +# - listener.name.replication.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="${file:/mnt/secrets/credential/plain.txt:username}" password="${file:/mnt/secrets/credential/plain.txt:password}"; +# - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler # log4j: # - log4j.logger.io.confluent.security.auth.provider.ldap.LdapGroupManager=DEBUG dependencies: diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml index 731dc8c..7a392bb 100644 --- a/kustomize/base/kustomization.yaml +++ b/kustomize/base/kustomization.yaml @@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - secrets + - operator - confluent - rolebindings - topics diff --git a/kustomize/base/operator/crds/kustomization.yaml b/kustomize/base/operator/crds/kustomization.yaml new file mode 100644 index 0000000..2ad3673 --- /dev/null +++ b/kustomize/base/operator/crds/kustomization.yaml 
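Review bot: Commenting out every listener override in `configOverrides.server` (the `sasl.enabled.mechanisms`, PLAIN/OAUTHBEARER JAAS configs and LDAP/token callback handlers for the internal, external and replication listeners) silently changes what authentication the brokers accept, and nothing in the hunk or the commit title ("removing helm dependency from deployment") says what the intended replacement is. Either delete the lines outright, since git history keeps them, or keep a one-line comment stating the intent, e.g. `# listener SASL overrides removed on purpose: authentication is now left to the operator defaults (see <reason — placeholder>)`. The surviving context comment `# the LDAP lookup is set by default to ONE_LEVEL` now describes a setting that is no longer applied and should go or be reworded. The new `confluent.schema.registry.url=registry.production.svc.cluster.local:8081` carries no scheme; if the registry is served over TLS, as the `https://` URL in the control-centre.yaml hunk suggests, this value likely needs `https://` plus a truststore, which cannot be confirmed from here.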
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - platform.confluent.io_confluentrolebindings.yaml
+ - platform.confluent.io_connects.yaml
+ - platform.confluent.io_controlcenters.yaml
+ - platform.confluent.io_kafkarestclasses.yaml
+ - platform.confluent.io_kafkas.yaml
+ - platform.confluent.io_kafkatopics.yaml
+ - platform.confluent.io_ksqldbs.yaml
+ - platform.confluent.io_migrationjobs.yaml
+ - platform.confluent.io_schemaregistries.yaml
+ - platform.confluent.io_zookeepers.yaml
diff --git a/kustomize/base/operator/crds/platform.confluent.io_confluentrolebindings.yaml b/kustomize/base/operator/crds/platform.confluent.io_confluentrolebindings.yaml
new file mode 100644
index 0000000..6ccc8de
--- /dev/null
+++ b/kustomize/base/operator/crds/platform.confluent.io_confluentrolebindings.yaml
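Review bot: The ten CRD files listed in this kustomization are generated with `apiextensions.k8s.io/v1beta1` (visible at the top of the following file, `controller-gen.kubebuilder.io/version: v0.4.1`), an API version that was removed in Kubernetes 1.22, so this base will stop applying once the cluster is upgraded past that. Since the files are vendored rather than hand-written, record their provenance and this constraint where the list lives, e.g. `# CRDs vendored from Confluent Operator <version — placeholder>; apiextensions v1beta1, needs Kubernetes < 1.22` above `resources:`, so the next upgrade does not have to rediscover it. Whether a newer operator release already ships v1 CRDs cannot be determined from this page.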
@@ -0,0 +1,249 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: confluentrolebindings.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.state + name: Status + type: string + - JSONPath: .status.kafkaClusterId + name: KafkaClusterId + type: string + - JSONPath: .status.principal + name: Principal + type: string + - JSONPath: .status.role + name: Role + type: string + - JSONPath: .status.kafkaRestClass + name: KafkaRestClass + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.clusterRegistryName + name: ClusterRegistryName + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ConfluentRolebinding + listKind: ConfluentRolebindingList + plural: confluentrolebindings + shortNames: + - cfrb + - confluentrolebinding + singular: confluentrolebinding + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: ConfluentRolebinding is the Schema for the confluentrolebinding + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfluentRolebindingSpec defines the desired state of rolebinding + for cp component when rbac is enabled + properties: + clustersScopeByIds: + description: ClusterScope defines the scope of clustersId + properties: + connectClusterId: + minLength: 1 + type: string + kafkaClusterId: + minLength: 1 + type: string + ksqlClusterId: + minLength: 1 + type: string + schemaRegistryClusterId: + minLength: 1 + type: string + type: object + clustersScopeByRegistryName: + description: ClusterRegistryName defines the unique cluster name customer + registered in cluster registry + minLength: 1 + type: string + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + principal: + description: Principal defines the confluent rolebinding principal name + and the binding details. 
+ properties: + name: + description: Name defines the name of the principal(user/group) + minLength: 1 + type: string + type: + enum: + - user + - group + type: string + required: + - name + - type + type: object + resourcePatterns: + description: ResourcePatterns define the qualified resources associated + with this rolebinding + items: + description: ResourcePattern define the qualified resource info associated + with this rolebinding + properties: + name: + description: Name defines the name of resource associated with + this rolebinding + minLength: 1 + type: string + patternType: + description: PatternType defines whether the pattern of resource + is PREFIXED or LITERAL, default is LITERAL if not set + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: ResourceType defines the type of resource + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + description: Role defines the name of the Role + minLength: 1 + type: string + required: + - principal + - role + type: object + status: + description: ConfluentRolebindingStatus defines the observed state of ConfluentRolebinding + properties: + clusterRegistryName: + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' 
+ type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + kafkaClusterId: + type: string + kafkaRestClass: + type: string + mdsEndpoint: + type: string + principal: + type: string + resourcePatterns: + items: + description: ResourcePattern define the qualified resource info associated + with this rolebinding + properties: + name: + description: Name defines the name of resource associated with + this rolebinding + minLength: 1 + type: string + patternType: + description: PatternType defines whether the pattern of resource + is PREFIXED or LITERAL, default is LITERAL if not set + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: ResourceType defines the type of resource + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + type: string + state: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_connects.yaml b/kustomize/base/operator/crds/platform.confluent.io_connects.yaml new file mode 100644 index 0000000..b94a2ea --- /dev/null +++ b/kustomize/base/operator/crds/platform.confluent.io_connects.yaml 
@@ -0,0 +1,3103 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: connects.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Connect + listKind: ConnectList + plural: connects + shortNames: + - connect + singular: connect + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Connect is the Schema for the Connects API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConnectSpec defines the desired state of Connect + properties: + authentication: + description: Rest server security fields + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform 
component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + connectorOverridePolicy: + description: ConnectorOverridePolicy allows policy to permit per-connector + override configuration for producer/consumer/admin prefix. More information + can be found here, https://docs.confluent.io/platform/current/connect/security.html#separate-principals + enum: + - All + - Principal + type: string + dependencies: + description: ConnectDependencies holds dependencies a connect requires + or can enable + properties: + admin: + description: configure admin client If bootstrapEndpoint is not + configured, the security is configured based on the kafka dependencies + configuration. Configure if different bootstrapEndpoint is required + for admin client + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + consumer: + description: Consumer security configuration to connect to Kafka + Cluster pointed by bootstrapEndpoint, used for sink connectors. + If bootstrapEndpoint is not configured, the security is configured + based on the kafka dependencies configuration. Configure if different + bootstrapEndpoint is required for consumer + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + interceptor: + description: configure confluent monitoring interceptor + properties: + configs: + description: Configs defines configs for the CP interceptor + Config override feature can be used to pass config + items: + type: string + type: array + consumer: + description: Consumer defines the consumer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: Enabled defines to enable the CP interceptor configuration + type: boolean + producer: + description: Producer defines the producer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: Connect dependency for connecting to kafka. Uses discovery + if that specified + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: Mds configurations for when RBAC is enabled + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, 
listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + producer: + description: Producer security configuration to connect to Kafka + Cluster pointed by bootstrapEndpoint, used for source connectors. + If bootstrapEndpoint is not configured, the security is configured + based on the kafka dependencies configuration. 
Configure if different + bootstrapEndpoint/security is required for producer + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where 
keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + schemaRegistry: + description: configure connect dependency for schemaregistry + properties: + authentication: + description: Authentication defines the authentication for the + schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). 
This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: 
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + enableSchemas: + description: EnableSchemas defines whether to enable scheme or not + type: boolean + externalAccess: + description: CPExternalAccess holds all external access policies for + non-kafka components + properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. 
+ type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. + items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. 
+ If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? -> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. 
For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' 
+ type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. 
If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. 
Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. 
It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. 
For pod labels, use podTemplate.labels + type: object + internalTopicReplicationFactor: + description: ' InternalTopicReplicationFactor defines internal topic + replication factor If not configured, it will be configured as 3' + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + keyConverterType: + description: KeyConverter defines the supported converters package for + CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters + By default, it is configured as org.apache.kafka.connect.json.JsonConverter + minLength: 1 + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: Storage class used for creating pvc's of created connect + pods + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: TLS allows configuring CP Component's server configuration + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + valueConverterType: + description: ValueConverter defines the supported converters package + for CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters + By default, it is configured as org.apache.kafka.connect.json.JsonConverter + minLength: 1 + type: string + required: + - image + - replicas + type: object + status: + description: ConnectStatus defines the observed state of Connect + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the 
name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + groupId: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + 
type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_controlcenters.yaml b/kustomize/base/operator/crds/platform.confluent.io_controlcenters.yaml new file mode 100644 index 0000000..b2c2a1d --- /dev/null +++ b/kustomize/base/operator/crds/platform.confluent.io_controlcenters.yaml 
@@ -0,0 +1,3032 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: controlcenters.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ControlCenter + listKind: ControlCenterList + plural: controlcenters + shortNames: + - controlcenter + - c3 + singular: controlcenter + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: ControlCenter is the Schema for the controlcenter API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ControlCenterSpec defines the desired state of ControlCenter + properties: + authentication: + description: Authentication defines the rest-endpoint configuration + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + ldap: + description: C3LdapAuthentication defines ldap authentication + properties: + property: + additionalProperties: + type: string + description: Property defines all the properties for LDAP configuration + Make sure to use secret object to pass username/password + type: object + restrictedRoles: + description: RestrictedRoles defines restricted access roles + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. 
+ items: + type: string + minItems: 1 + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - ldap + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization defines authorization configurations + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the data size for PV + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines all the dependencies service configuration + properties: + connect: + description: Connect defines connect worker dependencies configuration + items: + description: ControlCenterConnectDependency + properties: + authentication: + description: Authentication defines the authentication for + the connect cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. 
This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side TLS + setting for connect cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL 
defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + kafka: + description: Kafka defines kafka dependencies configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + 
directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + ksqldb: + description: KsqlDB defines ksqldb dependencies configuration + items: + description: ControlCenterKSQLDependency + properties: + advertisedUrl: + description: AdvertisedURL defines the advertised url to use + in browser. 
+ minLength: 1 + pattern: ^https?://.* + type: string + authentication: + description: Authentication defines the authentication for + the ksqldb cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + type: string + tls: + description: TLSDependencyConfig defines the client side TLS + setting for ksqldb cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + mds: + description: MDSDependencies defines the RBAC dependencies configurations + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines 
the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistry defines schema registry dependencies + configuration + 
properties: + authentication: + description: Authentication defines the authentication for the + schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + clusters: + items: + description: ControlCenterMultiSchemaRegistryDependency + properties: + authentication: + description: Authentication defines the authentication + for the schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to + pass basic credential through directory path + in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted + roles on the server side only. Changes will + be only reflected in ControlCenter (C3). 
This + configuration is ignored on the client side + configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration + is ignored on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication + scheme for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side + TLS setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: ExternalAccess defines the external access configuration + properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. 
This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. 
+ items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. + If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? 
-> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. 
PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. 
If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. 
Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. 
Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. 
It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + id: + description: ControlCenterID identifier used as a prefix so that multiple + instances of Control Center can co-exist. + format: int32 + type: integer + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. 
For pod labels, use podTemplate.labels + type: object + internalTopicReplicatorFactor: + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + mail: + description: ControlCenterSMTPServer, these settings control the SMTP + server and account used when an alerts triggers the email action. + properties: + authentication: + description: Authentication SMTP supports basic authentication support + only For other types of authentication use config overrides capability. + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). 
This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for + Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + checkServerIdentity: + description: CheckServerIdentity forces validation of server’s certificate + when using STARTTLS or SSL. + type: boolean + hostname: + description: Hostname of outgoing SMTP server + minLength: 1 + type: string + mailBounceAddress: + description: MailBounceAddress override for MailFrom config to send + message + minLength: 1 + type: string + mailFrom: + description: MailFrom the originating address for emails sent from + Control Center. + minLength: 1 + type: string + port: + description: Port SMTP port open on for hostname + format: int32 + type: integer + startTLSRequired: + description: StartTLSRequired forces using STARTTLS. 
+ type: boolean + required: + - hostname + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + monitoringKafkaClusters: + description: MonitoringKafkaClusters defines configuring monitoring + clusters + items: + description: MonitoringKafkaClusters kafka cluster configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side TLS setting + for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + type: object + type: array + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + name: + description: ControlCenterName name of the cluster + type: string + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: StorageClass defines user provided storage class reference + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: TLS defines tls configuration for rest-endpoint + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: ControlCenterStatus defines the observed state of ControlCenter + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + controlCenterName: + type: string + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + id: + format: int32 + type: integer + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + 
type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + required: + - id + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_kafkarestclasses.yaml b/kustomize/base/operator/crds/platform.confluent.io_kafkarestclasses.yaml new file mode 100644 index 0000000..2158aca --- /dev/null +++ b/kustomize/base/operator/crds/platform.confluent.io_kafkarestclasses.yaml 
@@ -0,0 +1,361 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkarestclasses.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaRestClass + listKind: KafkaRestClassList + plural: kafkarestclasses + shortNames: + - krc + - kafkarestclass + singular: kafkarestclass + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: KafkaRestClass is the Schema for the kafkarestclasses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaRestClassSpec defines the desired state of KafkaRestClass + properties: + kafkaClusterRef: + description: KafkaClusterRef defines the name of the kafka cluster + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + kafkaRest: + description: KafkaRestApiInfo defines Kafka Rest API configuration + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. 
This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + bearer: + description: BearerAuthentication used by MDS clients + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + secondaryKafkaClusterRef: + description: SecondaryKafkaClusterRef defines the name of the secondary + kafka cluster when using centralized RBAC + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + secondaryKafkaRest: + description: SeconaryKafkaRestApiInfo defines secondary Kafka Rest API + configuration when using centralized RBAC + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through 
directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + bearer: + description: BearerAuthentication used by MDS clients + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + status: + description: KafkaRestClassStatus defines the observed state of KafkaRestClass + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' 
+ type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + endpoint: + description: Endpoint defines the kafkarest/mds endpoint + type: string + kafkaClusterId: + description: KafkaClusterId defines the cluster id of kafka cluster + If using centralized RBAC and kafkarestclass is for secondary kafka + cluster, it will be clusterId of secondary kafka cluster + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_kafkas.yaml b/kustomize/base/operator/crds/platform.confluent.io_kafkas.yaml new file mode 100644 index 0000000..00cfcb9 --- /dev/null +++ b/kustomize/base/operator/crds/platform.confluent.io_kafkas.yaml 
@@ -0,0 +1,4981 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkas.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.zookeeperConnect + name: Zookeeper + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Kafka + listKind: KafkaList + plural: kafkas + shortNames: + - kafka + - broker + singular: kafka + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Kafka is the Schema for the kafkas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSpec defines the desired state of CP component, Kafka + Server + properties: + authorization: + description: Authorization defines authorization support + properties: + superUsers: + description: SuperUsers defines list of supers user to give admin + privilege on the Kafka Cluster This list takes the format as User: + items: + type: string + type: array + type: + enum: + - rbac + - simple + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the PV capacity. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines all the kafka dependencies like zookeeper + and centralized MDS settings + properties: + kafkaRest: + description: KafkaRestApiClientDep provides rest client auth for + MDS when RBAC is enabled + properties: + authentication: + description: Authentication defines authentication of Kafka + Rest API + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API + is running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls + configuration to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: KafkaPrimaryMetaDataServerDep configure a secondary + Kafka cluster managed by the MDS of the primary Kafka cluster + properties: + endpoint: + description: URLEndpoint defines the URL endpoint in format + http|s://:port + minLength: 1 + pattern: ^https?://.* + type: string + kafka: + description: KafkaClientDependency allows configuring CP component + dependency to configure kafka settings + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: MDSTokenKeyPair load either through secretRef or + directory path + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - endpoint + - kafka + - tokenKeyPair + type: object + zookeeper: + description: KafkaZookeeperDependencies + properties: + authentication: + description: KafkaClientAuthentication defines the authentication + structure for all dependent CP Component for Kafka Cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + discovery: + description: Discovery discover structure used by Confluent + platform (CP) + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + endpoint: + description: Endpoint defines the endpoint for service is format + endpoint:port + minLength: 1 + pattern: .+:[0-9]+ + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. 
More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + listeners: + description: Listeners defines listeners configurations + properties: + custom: + items: + description: KafkaCustomListener ... 
+ properties: + authentication: + description: KafkaZkAuthentication defines authentication + structure for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + externalAccess: + description: KafkaExternalAccess allows to configure external + access for Kafka cluster + properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the + user wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least + one of 'backend' or 'rules' must be specified. + This field is optional to allow the loadbalancer + controller or defaulting logic to specify a + global default. 
+ properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of + the Ingress object. If resource is specified, + serviceName and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is the group for + the resource being referenced. If APIGroup + is not specified, the specified Kind + must be in the core API group. For any + other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used + to set a default value for this field. For more + information, refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. 
Incoming requests + are first evaluated for a host match, then + routed to the backend associated with the + matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to + \ the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected + because ports are not allowed. \t Currently + the port of an Ingress is implicitly :80 + for http and \t :443 for https. Both + these may change in the future. Incoming + requests are matched against the host + before the IngressRuleValue. If the host + is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a + domain name without the terminating dot + of a network host (e.g. \"foo.bar.com\") + or \"wildcard\", which is a domain name + prefixed with a single wildcard label + (e.g. \"*.foo.com\"). The wildcard character + '*' must appear by itself as the first + DNS label and matches only a single label. + You cannot have a wildcard label by itself + (e.g. Host == \"*\"). Requests will be + matched against the Host field in the + following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a + list of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource + will be used to match against everything + after the last ''/'' and before the first + ''?'' or ''#''.' 
+ properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming + urls matching the path are forwarded + to the backend. + properties: + backend: + description: Backend defines the + referenced service endpoint + to which the traffic will be + forwarded to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not + be specified. + properties: + apiGroup: + description: APIGroup + is the group for the + resource being referenced. + If APIGroup is not specified, + the specified Kind must + be in the core API group. + For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the + name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the + port of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a + URL path prefix split by ''/''. + Matching is done on a path + element by element basis. 
A + path element refers is the list + of labels in the path split + by the ''/'' separator. A request + is a match for path p if every + p is an element-wise prefix + of p of the request path. + Note that if the last element + of the path is a substring of + the last element in request + path, it is not a match (e.g. + /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). + * ImplementationSpecific: Interpretation + of the Path matching is up to the + IngressClass. Implementations + can treat this as a separate + PathType or treat it identically + to Prefix or Exact path types. + Implementations are required + to support all path types. Defaults + to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the + Ingress only supports a single TLS port, 443. + If multiple members of this list specify different + hosts, they will be multiplexed on the same + port according to the hostname specified through + the SNI TLS extension, if the ingress controller + fulfilling the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in + this list must match the name/s used in + the tlsSecret. Defaults to the wildcard + host setting for the loadbalancer controller + fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for + termination and value of the Host header + is used for routing. 
+ type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type load balancer + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added + as bootstrapPrefix.domain If not configured it will + be the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. 
This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing + order with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. 
Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the OpenShift service type route + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added + as bootstrapPrefix.domain If not configured it will + be the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: StaticForHostBasedRouting allows to integrate + with external ingress controllers by doing host based + routing through SNI capability. With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. 
+ properties: + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + port: + description: Port defines the port to be used in the + advertised listener for a broker + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: StaticForPortBasedRouting allows to enable + external access by port routing With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. + properties: + host: + description: Host defines the host name to be used + in the advertised listener for a broker + minLength: 1 + type: string + portOffset: + description: PortOffset defines the portOffset to + be used and will go in the increasing order with + respect to the replicas count + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + name: + description: Name defines the name of the custom listener + internal/external/token can't be used as they are reserved + by the Operator + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: Port will bind given port to the custom listener. + Port < 9093 is reserved by the Operator + format: int32 + minimum: 9093 + type: integer + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). 
+ properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + - port + type: object + type: array + external: + description: KafkaExternalAccessListener is the kafka specific external + listener + properties: + authentication: + description: KafkaZkAuthentication defines authentication structure + for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + externalAccess: + description: KafkaExternalAccess allows to configure external + access for Kafka cluster + properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user + wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least one + of 'backend' or 'rules' must be specified. This + field is optional to allow the loadbalancer controller + or defaulting logic to specify a global default. + properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of the + Ingress object. If resource is specified, + serviceName and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. 
If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used to + set a default value for this field. For more information, + refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. Incoming requests + are first evaluated for a host match, then routed + to the backend associated with the matching + IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. 
Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to the + IP in the Spec of the parent Ingress. 2. + The `:` delimiter is not respected because + ports are not allowed. \t Currently the + port of an Ingress is implicitly :80 for + http and \t :443 for https. Both these + may change in the future. Incoming requests + are matched against the host before the + IngressRuleValue. If the host is unspecified, + the Ingress routes all traffic based on + the specified IngressRuleValue. \n Host + can be \"precise\" which is a domain name + without the terminating dot of a network + host (e.g. \"foo.bar.com\") or \"wildcard\", + which is a domain name prefixed with a single + wildcard label (e.g. \"*.foo.com\"). The + wildcard character '*' must appear by itself + as the first DNS label and matches only + a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests + will be matched against the Host field in + the following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list + of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource will + be used to match against everything after + the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming urls + matching the path are forwarded to + the backend. 
+ properties: + backend: + description: Backend defines the + referenced service endpoint to + which the traffic will be forwarded + to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is + the group for the resource + being referenced. If APIGroup + is not specified, the + specified Kind must be + in the core API group. + For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name + of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port + of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a URL + path prefix split by ''/''. Matching + is done on a path element by + element basis. A path element + refers is the list of labels + in the path split by the ''/'' + separator. A request is a match + for path p if every p is an element-wise + prefix of p of the request path. 
+ Note that if the last element + of the path is a substring of + the last element in request path, + it is not a match (e.g. /foo/bar matches + /foo/bar/baz, but does not match + /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching + is up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix + or Exact path types. Implementations + are required to support all path + types. Defaults to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress + only supports a single TLS port, 443. If multiple + members of this list specify different hosts, + they will be multiplexed on the same port according + to the hostname specified through the SNI TLS + extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in this + list must match the name/s used in the tlsSecret. + Defaults to the wildcard host setting for + the loadbalancer controller fulfilling this + Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for termination + and value of the Host header is used for + routing. 
+ type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added as + bootstrapPrefix.domain If not configured it will be + the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. 
This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. 
+ Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added as + bootstrapPrefix.domain If not configured it will be + the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: StaticForHostBasedRouting allows to integrate + with external ingress controllers by doing host based + routing through SNI capability. With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. 
+ properties: + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + port: + description: Port defines the port to be used in the + advertised listener for a broker + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: StaticForPortBasedRouting allows to enable + external access by port routing With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. + properties: + host: + description: Host defines the host name to be used in + the advertised listener for a broker + minLength: 1 + type: string + portOffset: + description: PortOffset defines the portOffset to be + used and will go in the increasing order with respect + to the replicas count + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + internal: + description: Listener is the base fields for component listener + configuration + properties: + authentication: + description: KafkaZkAuthentication defines authentication structure + for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + 
metricReporter: + description: MetricsReporter defines the metric reporter configuration + which will be enabled by default, and piggyback internal listener's + authentication and TLS if it is not set + properties: + authentication: + description: KafkaClientAuthentication defines the authentication + structure for all dependent CP Component for Kafka Cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + type: string + enabled: + type: boolean + replicationFactor: + format: int32 + type: integer + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - enabled + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + 
minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. 
+ The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. 
+ The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. 
+ type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. 
due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + rackAssignment: + description: RackAssignment defines the rack awareness capability for + kafka + properties: + availabilityZoneCount: + description: AvailabilityZoneCount if configured will configure + broker.rack with formula (pod_id % azCount) this is mainly for + backwards compatibility with Operator 1.0 + format: int32 + type: integer + nodeLabels: + description: NodeLabels if configured uses the kubernetes node APIs + to to retrieve the value to be used in the broker.rack. This feature + requires Confluent Operaotr to run in cluster-level access + items: + type: string + minItems: 1 + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. 
Change will roll the cluster + format: int32 + type: integer + services: + description: KafkaServices defines services supported part of kafka + properties: + kafkaRest: + description: RestApiServer embedded rest api server + properties: + externalAccess: + description: CPExternalAccess holds all external access policies + for non-kafka components + properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user + wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least one + of 'backend' or 'rules' must be specified. This + field is optional to allow the loadbalancer controller + or defaulting logic to specify a global default. + properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of the + Ingress object. If resource is specified, + serviceName and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. 
+ x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used to + set a default value for this field. For more information, + refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. Incoming requests + are first evaluated for a host match, then routed + to the backend associated with the matching + IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to the + IP in the Spec of the parent Ingress. 2. + The `:` delimiter is not respected because + ports are not allowed. \t Currently the + port of an Ingress is implicitly :80 for + http and \t :443 for https. Both these + may change in the future. Incoming requests + are matched against the host before the + IngressRuleValue. If the host is unspecified, + the Ingress routes all traffic based on + the specified IngressRuleValue. 
\n Host + can be \"precise\" which is a domain name + without the terminating dot of a network + host (e.g. \"foo.bar.com\") or \"wildcard\", + which is a domain name prefixed with a single + wildcard label (e.g. \"*.foo.com\"). The + wildcard character '*' must appear by itself + as the first DNS label and matches only + a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests + will be matched against the Host field in + the following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list + of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource will + be used to match against everything after + the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming urls + matching the path are forwarded to + the backend. + properties: + backend: + description: Backend defines the + referenced service endpoint to + which the traffic will be forwarded + to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is + the group for the resource + being referenced. If APIGroup + is not specified, the + specified Kind must be + in the core API group. + For any other third-party + types, APIGroup is required. 
+ type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name + of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port + of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a URL + path prefix split by ''/''. Matching + is done on a path element by + element basis. A path element + refers is the list of labels + in the path split by the ''/'' + separator. A request is a match + for path p if every p is an element-wise + prefix of p of the request path. + Note that if the last element + of the path is a substring of + the last element in request path, + it is not a match (e.g. /foo/bar matches + /foo/bar/baz, but does not match + /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching + is up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix + or Exact path types. Implementations + are required to support all path + types. Defaults to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. 
Currently the Ingress + only supports a single TLS port, 443. If multiple + members of this list specify different hosts, + they will be multiplexed on the same port according + to the hostname specified through the SNI TLS + extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in this + list must match the name/s used in the tlsSecret. + Defaults to the wildcard host setting for + the loadbalancer controller fulfilling this + Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for termination + and value of the Host header is used for + routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + port: + description: Port allows to configure external port + for client consumption If not configured, same internal/external + port will be configured per component Information + about the port can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. 
If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. 
+ Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: 
string + required: + - enabled + type: object + type: object + mds: + description: MetaDataServer + properties: + authentication: + description: MDSAuthentication supported MDS server configuration + properties: + type: + enum: + - bearer + type: string + required: + - type + type: object + externalAccess: + description: CPExternalAccess holds all external access policies + for non-kafka components + properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user + wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least one + of 'backend' or 'rules' must be specified. This + field is optional to allow the loadbalancer controller + or defaulting logic to specify a global default. + properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of the + Ingress object. If resource is specified, + serviceName and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. 
+ x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used to + set a default value for this field. For more information, + refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. Incoming requests + are first evaluated for a host match, then routed + to the backend associated with the matching + IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to the + IP in the Spec of the parent Ingress. 2. + The `:` delimiter is not respected because + ports are not allowed. \t Currently the + port of an Ingress is implicitly :80 for + http and \t :443 for https. Both these + may change in the future. Incoming requests + are matched against the host before the + IngressRuleValue. If the host is unspecified, + the Ingress routes all traffic based on + the specified IngressRuleValue. 
\n Host + can be \"precise\" which is a domain name + without the terminating dot of a network + host (e.g. \"foo.bar.com\") or \"wildcard\", + which is a domain name prefixed with a single + wildcard label (e.g. \"*.foo.com\"). The + wildcard character '*' must appear by itself + as the first DNS label and matches only + a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests + will be matched against the Host field in + the following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list + of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource will + be used to match against everything after + the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming urls + matching the path are forwarded to + the backend. + properties: + backend: + description: Backend defines the + referenced service endpoint to + which the traffic will be forwarded + to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is + the group for the resource + being referenced. If APIGroup + is not specified, the + specified Kind must be + in the core API group. + For any other third-party + types, APIGroup is required. 
+ type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name + of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port + of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a URL + path prefix split by ''/''. Matching + is done on a path element by + element basis. A path element + refers is the list of labels + in the path split by the ''/'' + separator. A request is a match + for path p if every p is an element-wise + prefix of p of the request path. + Note that if the last element + of the path is a substring of + the last element in request path, + it is not a match (e.g. /foo/bar matches + /foo/bar/baz, but does not match + /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching + is up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix + or Exact path types. Implementations + are required to support all path + types. Defaults to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. 
Currently the Ingress + only supports a single TLS port, 443. If multiple + members of this list specify different hosts, + they will be multiplexed on the same port according + to the hostname specified through the SNI TLS + extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in this + list must match the name/s used in the tlsSecret. + Defaults to the wildcard host setting for + the loadbalancer controller fulfilling this + Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for termination + and value of the Host header is used for + routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + port: + description: Port allows to configure external port + for client consumption If not configured, same internal/external + port will be configured per component Information + about the port can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. 
If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. 
+ Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + provider: + properties: + ldap: + description: LdapService LDAP configuration for RBAC + properties: + address: + type: string + authentication: + description: LdapAuthentication supported ldap configuration + for RBAC + properties: + simple: + description: LdapSimpleAuthentication load credential + either for secret or directory path in container + for RBAC + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - simple + - mtls + type: string + required: + - type + type: object + configurations: + description: LdapSettings ldap configurations for CP + RBAC. 
Anything missing can be passed through configOverride + capability + properties: + groupMemberAttribute: + minLength: 1 + type: string + groupMemberAttributePattern: + minLength: 1 + type: string + groupNameAttribute: + minLength: 1 + type: string + groupObjectClass: + minLength: 1 + type: string + groupSearchBase: + minLength: 1 + type: string + groupSearchFilter: + minLength: 1 + type: string + groupSearchScope: + format: int32 + type: integer + userMemberOfAttributePattern: + minLength: 1 + type: string + userNameAttribute: + minLength: 1 + type: string + userObjectClass: + minLength: 1 + type: string + userSearchBase: + minLength: 1 + type: string + userSearchFilter: + minLength: 1 + type: string + userSearchScope: + format: int32 + type: integer + type: object + tls: + description: ClientTLSConfig defines TLS configuration + for CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name + referenced for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be + found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - address + - authentication + - configurations + type: object + type: + enum: + - ldap + type: string + required: + - ldap + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: MDSTokenKeyPair load either through secretRef or + directory path + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - provider + - tokenKeyPair + type: object + type: object + storageClass: + description: StorageClass defines the user provided storage class. If + not configured, it will use default storage class. 
+ properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. + type: boolean + type: object + tls: + description: TLS defines the global level TLS configuration which can + be used by listeners and services if they all want to share same certificate. + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. 
CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: KafkaStatus defines the observed state of KafkaServer + properties: + authorizationType: + type: string + brokerIdOffset: + format: int32 + type: integer + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + externalClient: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + listeners: + additionalProperties: + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + client: + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + minISR: + format: int32 + type: integer + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + readyReplicas: + description: ReadyReplicas defines current ready 
replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + replicationFactor: + format: int32 + type: integer + services: + additionalProperties: + description: ListenerStatus describes general information about a + listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + zookeeperConnect: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_kafkatopics.yaml b/kustomize/base/operator/crds/platform.confluent.io_kafkatopics.yaml new file mode 100644 index 0000000..e6afabd --- /dev/null +++ b/kustomize/base/operator/crds/platform.confluent.io_kafkatopics.yaml 
@@ -0,0 +1,287 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkatopics.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.partitionCount + name: Partition + type: string + - JSONPath: .status.state + name: Status + type: string + - JSONPath: .status.kafkaClusterId + name: ClusterId + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaTopic + listKind: KafkaTopicList + plural: kafkatopics + shortNames: + - kt + - topic + singular: kafkatopic + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: KafkaTopic is the Schema for the kafkatopics API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaTopicSpec defines the desired state of KafkaTopic + properties: + configs: + additionalProperties: + type: string + description: Configs allows passing configs for topic More information + about topic configs is available here https://docs.confluent.io/current/installation/configuration/topic-configs.html + type: object + kafkaClusterRef: + description: KafkaClusterRef defines the name of the kafka cluster + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + kafkaRest: + description: KafkaRestRef defines the Kafka Rest API configuration + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. 
This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + bearer: + description: BearerAuthentication used by MDS clients + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + name: + description: Name defines the topic name. If not configured uses the + CR name as topic name. 
+ maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\._\-]*$ + type: string + partitionCount: + description: PartitionCount defines the partition count + format: int32 + minimum: 1 + type: integer + replicas: + description: Replicas defines the replication factor for a topic + format: int32 + minimum: 1 + type: integer + type: object + status: + description: KafkaTopicStatus defines the observed state of KafkaTopic + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + kafkaClusterId: + type: string + kafkaRestEndpoint: + type: string + partitionCount: + format: int32 + type: integer + replicas: + format: int32 + type: integer + state: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_ksqldbs.yaml b/kustomize/base/operator/crds/platform.confluent.io_ksqldbs.yaml new file mode 100644 index 0000000..5f99859 --- /dev/null +++ b/kustomize/base/operator/crds/platform.confluent.io_ksqldbs.yaml 
@@ -0,0 +1,2719 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: ksqldbs.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KsqlDB + listKind: KsqlDBList + plural: ksqldbs + shortNames: + - ksqldb + - ksql + singular: ksqldb + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: KsqlDB is the Schema for the ksql API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSpec defines the desired state of CP component, Kafka + Server + properties: + authentication: + description: Authentication specifies whether auth is needed when accessing + the ksqlDB rest server. + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization configuration defines RBAC configuration + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + 
description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: Data volume + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines dependencies Kafka, interceptor, schemaregistry, + mds dependencies + properties: + interceptor: + description: InterceptorDependency defines interceptor settings + for CP component + properties: + configs: + description: Configs defines configs for the CP interceptor + Config override feature can be used to pass config + items: + type: string + type: array + consumer: + description: Consumer defines the consumer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: Enabled defines to enable the CP interceptor configuration + type: boolean + producer: + description: Producer defines the producer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: KafkaClientDependency allows configuring CP component + dependency to configure kafka settings + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MDSDependencies defines MDS configure when CP RBAC + is enabled + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + 
component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistryClientDependency allows configuring CP + component dependency to configure schemaRegistry settings + properties: + authentication: + description: Authentication defines the authentication for the + 
schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: Provides configuring endpoints and services to make ksqlDB + accessible from outside the cluster + properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. 
This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. 
+ items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. + If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? 
-> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. 
PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. 
If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. 
Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. 
Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. 
It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicationFactor: + description: Replication factor for internal topics + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. 
If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP 
component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. 
+ properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. 
The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: Storage class used for creating pvc's of created ksqlDB + pods + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: Specifies TLS configurations for the ksqlDB rest server. + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: KsqlDBStatus defines the observed state of KSQLServer + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + 
type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + serviceId: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_migrationjobs.yaml b/kustomize/base/operator/crds/platform.confluent.io_migrationjobs.yaml new file mode 100644 index 0000000..ead0c24 --- /dev/null +++ b/kustomize/base/operator/crds/platform.confluent.io_migrationjobs.yaml 
@@ -0,0 +1,669 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: migrationjobs.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: MigrationJob + listKind: MigrationJobList + plural: migrationjobs + shortNames: + - migrationjob + - migration + singular: migrationjob + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: MigrationJob is the Schema for the migrationjobs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MigrationJobSpec defines the desired state of MigrationJob + properties: + blockReconcile: + type: boolean + connect: + description: ConnectMigrationJobSpec defines the desired state of Connect + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + controlcenter: + description: ControlCenterMigrationJobSpec defines the desired state + of ControlCenter after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. 
It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + initContainerImage: + minLength: 1 + type: string + kafka: + description: KafkaMigrationJobSpec defines the descired state of Kafka + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + ksqldb: + description: KsqlDBMigrationJobSpec defines the desired state of KsqlDB + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. 
+ Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + pullSecretRef: + items: + type: string + type: array + replicator: + description: ReplicatorMigrationJobSpec defines the desired state of + Replicator after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. 
It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + schemaRegistry: + description: SchemaRegistryMigrationJobSpec defines the desired state + of SchemaRegistry after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + skipCleanup: + type: boolean + skipRollback: + type: boolean + zookeeper: + description: ZookeeperMigrationJobSpec defines the desired state of + Zookeeper after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. 
+ Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + required: + - initContainerImage + type: object + status: + description: MigrationJobStatus defines the observed state of MigrationJob + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + connect: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + controlcenter: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + kafka: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + ksqldb: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + phase: + type: string + 
replicator: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + schemaRegistry: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + zookeeper: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + required: + - phase + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_schemaregistries.yaml b/kustomize/base/operator/crds/platform.confluent.io_schemaregistries.yaml new file mode 100644 index 0000000..5d5723a --- /dev/null +++ b/kustomize/base/operator/crds/platform.confluent.io_schemaregistries.yaml 
@@ -0,0 +1,2333 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: schemaregistries.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: SchemaRegistry + listKind: SchemaRegistryList + plural: schemaregistries + shortNames: + - schemaregistry + - sr + singular: schemaregistry + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: SchemaRegistry is the Schema for the schemaregistries API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SchemaRegistrySpec defines the desired state of SchemaRegistry + properties: + authentication: + description: Authentication defines the rest-endpoint configuration + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization defines authorization configurations + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines 
capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dependencies: + description: Dependencies defines all the dependencies service configuration + properties: + kafka: + description: Kafka defines kafka dependencies configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MDSDependencies defines the RBAC dependencies configurations + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + 
component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + type: object + externalAccess: + description: ExternalAccess defines the external access configuration + properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. 
Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. + items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. + If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. 
If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? -> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. 
Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. 
Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. 
+ properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). 
This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. 
All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicatorFactor: + format: int32 + minimum: 1 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: Storage defines + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: TLS defines tls configuration for rest-endpoint + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - image + - replicas + type: object + status: + description: SchemaRegistryStatus defines the observed state of SchemaRegistry + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + groupId: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + metricPrefix: + type: string + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint 
to connect + to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_zookeepers.yaml b/kustomize/base/operator/crds/platform.confluent.io_zookeepers.yaml new file mode 100644 index 0000000..e8c7c7b --- /dev/null +++ b/kustomize/base/operator/crds/platform.confluent.io_zookeepers.yaml 
@@ -0,0 +1,1551 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: zookeepers.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.endpoint + name: Endpoint + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Zookeeper + listKind: ZookeeperList + plural: zookeepers + shortNames: + - zookeeper + - zk + singular: zookeeper + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Zookeeper is the Schema for the zookeepers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ZookeeperSpec defines the desired state of Confluent Platform + (CP) component, Zookeeper + properties: + authentication: + description: Authentication defines support authentication configuration + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass required + credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced for + authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the data volume size + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. 
For pod labels, use podTemplate.labels + type: object + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + logVolumeCapacity: + anyOf: + - type: integer + - type: string + description: LogVolumeCapacity defines the log volume size + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: StorageClass defines the user provided storage class. If + not configured, it will use default storage class. + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLS defines TLS setting + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. 
+ type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - logVolumeCapacity + - replicas + type: object + status: + description: ZookeeperStatus defines the observed state of Zookeeper + properties: + authenticationType: + type: string + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. 
+ format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + endpoint: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + tls: + type: boolean + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/operator/kustomization.yaml b/kustomize/base/operator/kustomization.yaml new file mode 100644 index 0000000..ffceabe --- /dev/null +++ b/kustomize/base/operator/kustomization.yaml 
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - crds
+ - resources
\ No newline at end of file
diff --git a/kustomize/base/operator/resources/clusterrole.yaml b/kustomize/base/operator/resources/clusterrole.yaml
new file mode 100644
index 0000000..e933d3a
--- /dev/null
+++ b/kustomize/base/operator/resources/clusterrole.yaml
@@ -0,0 +1,116 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ annotations:
+ meta.helm.sh/release-name: confluent
+ meta.helm.sh/release-namespace: production
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/component: confluent-operator
+ app.kubernetes.io/instance: confluent
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: confluent-for-kubernetes
+ helm.sh/chart: confluent-for-kubernetes-0.174.6
+ helm.toolkit.fluxcd.io/name: confluent
+ helm.toolkit.fluxcd.io/namespace: production
+ name: confluent-operator-global
+rules:
+ - apiGroups:
+ - cluster.confluent.com
+ resources:
+ - zookeeperclusters
+ - zookeeperclusters/status
+ - zookeeperclusters/scale
+ - zookeeperclusters/finalizers
+ - kafkaclusters
+ - kafkaclusters/status
+ - kafkaclusters/scale
+ - kafkaclusters/finalizers
+ verbs:
+ - '*'
+ - apiGroups:
+ - operator.confluent.cloud
+ resources:
+ - physicalstatefulclusters
+ - physicalstatefulclusters/scale
+ - physicalstatefulclusters/status
+ - physicalstatefulclusters/finalizers
+ verbs:
+ - '*'
+ - apiGroups:
+ - platform.confluent.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+ - apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ - routes/custom-host
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ - statefulsets/scale
+ - statefulsets/status
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - events
+ - persistentvolumeclaims
+ - secrets
+ - secrets/finalizers
+ - pods
+ - pods/exec
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ - ingresses/status
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
diff --git a/kustomize/base/operator/resources/clusterrolebinding.yaml b/kustomize/base/operator/resources/clusterrolebinding.yaml
new file mode 100644
index 0000000..23c5f6c
--- /dev/null
+++ b/kustomize/base/operator/resources/clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ app: confluent-for-kubernetes
+ app.kubernetes.io/name: confluent-for-kubernetes
+ app.kubernetes.io/instance: confluent
+ app.kubernetes.io/managed-by: git
+ app.kubernetes.io/component: confluent-operator
+ helm.sh/chart: confluent-for-kubernetes-0.174.6
+ name: confluent-operator-global
+subjects:
+- kind: ServiceAccount
+ name: confluent-for-kubernetes
+ namespace: production
+roleRef:
+ kind: Role
+ name: confluent-operator-global
+ apiGroup: rbac.authorization.k8s.io
diff --git a/kustomize/base/operator/resources/deployment.yaml b/kustomize/base/operator/resources/deployment.yaml
new file mode 100644
index 0000000..2c731ba
--- /dev/null
+++ b/kustomize/base/operator/resources/deployment.yaml
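Review bot: Neither this Role nor the RoleBinding in the clusterrolebinding.yaml hunk on the same line sets `metadata.namespace`, so the namespace they land in is decided by whatever kustomize/kubectl context applies them, while the binding's subject is pinned to the ServiceAccount in `production`; applied anywhere else, the binding resolves nothing and the operator silently runs without these permissions. Pin it explicitly with `namespace: production` under `metadata` in both files, or set `namespace:` in the kustomization that includes them. The file names say clusterrole/clusterrolebinding but the kinds are the namespaced `Role`/`RoleBinding`, and since this Role grants `'*'` on `platform.confluent.io` plus full CRUD on `secrets` and `pods/exec`, renaming the files to match their kind makes the actual scope of that grant obvious to the next reviewer. The `meta.helm.sh` annotations and the `app.kubernetes.io/managed-by: Helm` label are leftovers of the Helm render this commit is replacing, and the RoleBinding already says `managed-by: git`, so the two manifests disagree about who owns them.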
@@ -0,0 +1,95 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: "confluent-for-kubernetes"
+ app.kubernetes.io/name: "confluent-for-kubernetes"
+ app.kubernetes.io/instance: "confluent"
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: "confluent-for-kubernetes-0.174.6"
+ name: confluent-operator-global
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: confluent
+ app.kubernetes.io/name: confluent-operator
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ type: RollingUpdate
+ template:
+ metadata:
+ annotations:
+ prometheus.io/path: "/metrics"
+ prometheus.io/port: "7778"
+ prometheus.io/scrape: "true"
+ labels:
+ app: "confluent-operator"
+ app.kubernetes.io/name: "confluent-operator"
+ app.kubernetes.io/instance: "confluent"
+ confluent-platform: "true"
+ version: "0.174.6"
+ spec:
+ containers:
+ - args:
+ - --debug=false
+ - --namespaces=production
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: NODEIP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.hostIP
+ - name: DD_ENTITY_ID
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.uid
+ image: docker.io/confluentinc/confluent-operator:0.174.6
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: 8080
+ scheme: HTTP
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ name: confluent-operator-global
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /readyz
+ port: 8080
+ scheme: HTTP
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ dnsPolicy: ClusterFirst
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ securityContext:
+ fsGroup: 1001
+ runAsNonRoot: true
+ runAsUser: 1001
+ serviceAccount: confluent-for-kubernetes
+ serviceAccountName: confluent-for-kubernetes
+ terminationGracePeriodSeconds: 30
\ No newline at end of file
diff --git a/kustomize/base/operator/resources/kustomization.yaml b/kustomize/base/operator/resources/kustomization.yaml
new file mode 100644
index 0000000..aff33c3
--- /dev/null
+++ b/kustomize/base/operator/resources/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - clusterrole.yaml
+ - clusterrolebinding.yaml
+ - deployment.yaml
+ - service.yaml
+ - serviceaccount.yaml
diff --git a/kustomize/base/operator/resources/service.yaml b/kustomize/base/operator/resources/service.yaml
new file mode 100644
index 0000000..e527612
--- /dev/null
+++ b/kustomize/base/operator/resources/service.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: "confluent-for-kubernetes"
+ app.kubernetes.io/name: "confluent-for-kubernetes"
+ app.kubernetes.io/instance: "confluent"
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: "confluent-for-kubernetes-0.174.6"
+ name: "confluent-operator"
+spec:
+ ports:
+ - name: http-metric
+ port: 7778
+ protocol: TCP
+ targetPort: 7778
+ selector:
+ app: "confluent-operator"
+ app.kubernetes.io/name: "confluent-operator"
+ type: ClusterIP
+
diff --git a/kustomize/base/operator/resources/serviceaccount.yaml b/kustomize/base/operator/resources/serviceaccount.yaml
new file mode 100644
index 0000000..cf95403
--- /dev/null
+++ b/kustomize/base/operator/resources/serviceaccount.yaml
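Review bot: The operator container has no container-level `securityContext`; the pod-level one sets `runAsNonRoot`/`runAsUser`/`fsGroup`, but privilege escalation and Linux capabilities are left at their defaults for a workload whose ServiceAccount holds write access to `secrets` and `pods/exec`. Add `allowPrivilegeEscalation: false` and drop all capabilities on the container as below; `readOnlyRootFilesystem: true` is worth trying as well, but I cannot confirm from this diff that the operator writes nothing to its root filesystem. The image is referenced by a mutable tag, `docker.io/confluentinc/confluent-operator:0.174.6`, so what runs can drift from what was reviewed; pinning by digest (`image: docker.io/confluentinc/confluent-operator@sha256:<digest-of-0.174.6>`) fixes that. Two smaller points: the `app.kubernetes.io/managed-by: "Helm"` label contradicts the purpose of this commit, and `--namespaces=production` hard-codes the watched namespace inside `kustomize/base`, which presumably is meant to be overlaid per environment.
```yaml
      containers:
        - args:
          # … unchanged: args, env, image, probes, resources, termination settings …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
```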
@@ -0,0 +1,14 @@
+apiVersion: v1
+imagePullSecrets:
+- name: "confluent-registry"
+kind: ServiceAccount
+metadata:
+ labels:
+ app: "confluent-for-kubernetes"
+ app.kubernetes.io/name: "confluent-for-kubernetes"
+ app.kubernetes.io/instance: "confluent"
+ app.kubernetes.io/managed-by: "Helm"
+ app.kubernetes.io/component: "confluent-operator"
+ helm.sh/chart: "confluent-for-kubernetes-0.174.6"
+ name: confluent-for-kubernetes
+
diff --git a/kustomize/base/secrets/c3-mds-client.yaml b/kustomize/base/secrets/c3-mds-client.yaml
index 3d6d429..d88f450 100644
--- a/kustomize/base/secrets/c3-mds-client.yaml
+++ b/kustomize/base/secrets/c3-mds-client.yaml
@@ -1,5 +1,6 @@
 apiVersion: v1
 data:
+ basic.txt: dXNlcm5hbWU9YzMKcGFzc3dvcmQ9YzMtc2VjcmV0Cg==
 bearer.txt: dXNlcm5hbWU9YzMKcGFzc3dvcmQ9YzMtc2VjcmV0Cg==
 kind: Secret
 metadata:
diff --git a/kustomize/base/secrets/confluent-license.yaml b/kustomize/base/secrets/confluent-license.yaml
new file mode 100644
index 0000000..42d6e30
--- /dev/null
+++ b/kustomize/base/secrets/confluent-license.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+data:
+ license.txt: 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
+ publicKey.pem: 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
+kind: Secret
+metadata:
+ name: confluent-operator-licensing
diff --git a/kustomize/base/secrets/connect-mds-client.yaml b/kustomize/base/secrets/connect-mds-client.yaml
index 3adbc0b..19f5229 100644
--- a/kustomize/base/secrets/connect-mds-client.yaml
+++ b/kustomize/base/secrets/connect-mds-client.yaml
@@ -3,5 +3,4 @@ data:
 bearer.txt: dXNlcm5hbWU9Y29ubmVjdApwYXNzd29yZD1jb25uZWN0LXNlY3JldAo=
 kind: Secret
 metadata:
- creationTimestamp: null
 name: connect-mds-client
diff --git a/kustomize/base/secrets/kustomization.yaml b/kustomize/base/secrets/kustomization.yaml
index 43da054..5f21d00 100644
--- a/kustomize/base/secrets/kustomization.yaml
+++ b/kustomize/base/secrets/kustomization.yaml
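Review bot: `imagePullSecrets` points at a Secret named `confluent-registry` that nothing in this diff creates, and the secrets kustomization on the next line does not list it either; if it is provisioned out of band, a comment on that line saying so (`# confluent-registry is created by <out-of-band procedure>`) saves the next reader a search, and if it is not, pulls will only succeed while the image is public. The `managed-by: "Helm"` label here has the same ownership mismatch as the other operator manifests in this commit.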
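Review bot: The new `basic.txt` entry in c3-mds-client.yaml carries the same base64 value as `bearer.txt`, so the Control Center RBAC credential is now committed twice in a manifest under `kustomize/base/secrets`, and base64 is an encoding, not encryption; anyone with read access to the repository or its history has the password. The same applies to confluent-license.yaml in the next hunk, to the license token added as `resources/application-secrets/licensing/license-key.txt` later in this patch, and to populate_secrets.sh, which is what writes these plaintext-equivalent manifests into git. Since these values have already been pushed they should be treated as exposed and rotated, and the manifests should be produced through an encrypting or referencing mechanism (SOPS, SealedSecrets, or an ExternalSecret pointing at a secret store) rather than `kubectl create secret --dry-run -o yaml` committed as-is. A short header comment on populate_secrets.sh stating that its output must never be committed unencrypted would also help, e.g. `# Output manifests contain live credentials: encrypt before committing`.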
@@ -3,6 +3,7 @@ kind: Kustomization
 resources:
 - ca-pair.yaml
 - c3-mds-client.yaml
+ - confluent-license.yaml
 - connect-mds-client.yaml
 - credential.yaml
 - ksqldb-mds-client.yaml
diff --git a/kustomize/environments/production/control-centre.yaml b/kustomize/environments/production/control-centre.yaml
index a67a214..9a3a67e 100644
--- a/kustomize/environments/production/control-centre.yaml
+++ b/kustomize/environments/production/control-centre.yaml
@@ -10,4 +10,12 @@ spec:
 kafka:
 bootstrapEndpoint: kafka.production.svc.cluster.local:9071
 mds:
- endpoint: https://kafka.production.svc.cluster.local:8090
\ No newline at end of file
+ endpoint: https://kafka.production.svc.cluster.local:8090
+ connect:
+ - name: connect
+ url: https://connect.production.svc.cluster.local:8083
+ ksqldb:
+ - name: ksqldb
+ url: https://ksqldb.production.svc.cluster.local:8088
+ schemaRegistry:
+ url: https://registry.production.svc.cluster.local:8081
diff --git a/kustomize/environments/production/schema-registry.yaml b/kustomize/environments/production/schema-registry.yaml
index 0264051..afea6b4 100644
--- a/kustomize/environments/production/schema-registry.yaml
+++ b/kustomize/environments/production/schema-registry.yaml
@@ -6,6 +6,10 @@ metadata:
 spec:
 tls:
 secretRef: tls-group1
+ configOverrides:
+ server:
+ - confluent.schema.registry.anonymous.principal=true
+ - authentication.skip.paths=/*
 dependencies:
 kafka:
 bootstrapEndpoint: kafka.production.svc.cluster.local:9071
diff --git a/kustomize/infrastructure/confluent-operator-helm-release-confluent.yaml b/kustomize/infrastructure/confluent-operator-helm-release-confluent.yaml
new file mode 100644
index 0000000..6d2989f
--- /dev/null
+++ b/kustomize/infrastructure/confluent-operator-helm-release-confluent.yaml
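Review bot: `authentication.skip.paths=/*` in the new `configOverrides.server` block of schema-registry.yaml disables authentication for every Schema Registry REST path, and `confluent.schema.registry.anonymous.principal=true` maps those unauthenticated callers to an anonymous principal, so with the `tls.secretRef` above the registry is encrypted but open to anything that can reach port 8081 inside the cluster (the control-centre hunk on this line points C3 at exactly that URL). If the goal is to let one unauthenticated client in, narrow the skip list to the paths that client needs instead of `/*`, and record the reason beside the override, e.g. `# anonymous read access required by <client>; remove once it has MDS credentials`. As written the override also silently undoes whatever MDS-based authentication the base manifest configures, which a reader of the base alone would not expect, and the production overlay is the last place one wants an undocumented auth bypass.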
@@ -0,0 +1,19 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: confluent
+ namespace: confluent
+spec:
+ interval: 1m
+ chart:
+ spec:
+ chart: confluent-for-kubernetes
+ sourceRef:
+ kind: HelmRepository
+ name: confluent-private
+ namespace: flux-system
+ values:
+ image:
+ registry: docker.io
+ rbac: true
+ name: confluent-operator-global
\ No newline at end of file
diff --git a/kustomize/infrastructure/confluent-operator-helm-release-production.yaml b/kustomize/infrastructure/confluent-operator-helm-release-production.yaml
index d8336cb..3f16b0c 100644
--- a/kustomize/infrastructure/confluent-operator-helm-release-production.yaml
+++ b/kustomize/infrastructure/confluent-operator-helm-release-production.yaml
@@ -14,4 +14,8 @@ spec:
 namespace: flux-system
 values:
 image:
- registry: docker.io
\ No newline at end of file
+ registry: docker.io
+ name: confluent-operator-global
+ rbac: true
+ namespaced: true
+ namespaceList: ["dev", "production", "confluent"]
diff --git a/kustomize/infrastructure/kustomization.yaml b/kustomize/infrastructure/kustomization.yaml
index 1224293..ffd02fd 100644
--- a/kustomize/infrastructure/kustomization.yaml
+++ b/kustomize/infrastructure/kustomization.yaml
@@ -4,6 +4,7 @@ resources:
 - namespaces.yaml
 - proxy.yaml
 - ldap.yaml
- - confluent-operator-credentials.yaml
- - confluent-operator-helm-release-dev.yaml
- - confluent-operator-helm-release-production.yaml
\ No newline at end of file
+# - confluent-operator-credentials.yaml
+# - confluent-operator-helm-release-dev.yaml
+# - confluent-operator-helm-release-production.yaml
+# - confluent-operator-helm-release-confluent.yaml
\ No newline at end of file
diff --git a/resources/application-secrets/licensing/license-key.txt b/resources/application-secrets/licensing/license-key.txt
new file mode 100644
index 0000000..122a234
--- /dev/null
+++ b/resources/application-secrets/licensing/license-key.txt
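Review bot: The new HelmRelease `confluent` is added and, in the kustomization.yaml hunk on the same line, listed only as a comment (`# - confluent-operator-helm-release-confluent.yaml`), so nothing references it; in a commit titled "removing helm dependency from deployment" a brand-new HelmRelease that is dead on arrival is surprising. If the HelmRelease manifests are being kept for rollback, say so once at the top of kustomization.yaml (`# HelmRelease manifests retained for rollback only; the operator is now applied from kustomize/base/operator`), otherwise delete them together with the commented lines rather than leaving a second, unapplied definition of `confluent-operator-global` for readers to reconcile. The production HelmRelease hunk on this line likewise still gains `namespaceList: ["dev", "production", "confluent"]` even though it is no longer applied, which suggests the two halves of this change were made at different times.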
@@ -0,0 +1 @@
+eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJvcGVyYXRvci10cmlhbCIsImV4cCI6MTYyNDQ0MzUzNSwiaWF0IjoxNjIxODUxNTM1LCJpc3MiOiJDb25mbHVlbnQiLCJzdWIiOiJjb250cm9sLWNlbnRlciJ9.kjMg_0JoA9xjnmCQqgyVADoFhyY66IJQfe3kmOL1rX2tIfrMWcGAzOyiuWayVV2CkB0M7OLYKuWrUtv7Du9G6X2gGCmwHUE7cyn0wIqfoNnYjNpFVIMjFz6PTL2hldYLBR1owisGB82D-e5NxwO76Dnvmswl50HW7nradYv2q9y5s5ALAYpMUotFciQwznTcZlGowf8I8PgN9IT_JyjPzO2JpDbc0mhrjZSNdpmySr3pTen6WhleAE4CuIwASBaaurkrFTkSe1MDVRQfxKT0jWFIv1A_jy-ZJGIrDVCz3d_xQ69H1_dmh3FKkUwDlNkvEa6wjip9T5QhGSnrMyH-Hw
\ No newline at end of file
diff --git a/resources/application-secrets/licensing/license-pem.txt b/resources/application-secrets/licensing/license-pem.txt
new file mode 100644
index 0000000..bdd4a81
--- /dev/null
+++ b/resources/application-secrets/licensing/license-pem.txt
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvaGy8TOdbCMySM7zqZsx
+n62yuE+BhIPlc9z9ctrX+tBWNCCJePZbKHTZS9uKLeKUi9u07ts/35XRnE4ATD6q
+lwjnSoJOkeIXcYiJ+XGExN1oRE8Rl5otvdmJEsb9Y6Jsfe2lRCCsZNx6k1s1NmQF
+R4wnRiKylIiYJ9uWUGfH18JKZqM8z9QqkZ/+zQkzHNYsXn/YyRuDIQXeUSechr93
+Jjt79AikskicoT04lqz/GaHz2WJEyuvLLE1jNBOComKl05Qb+yvJmGnt/7HX6HT7
+3hnCXbslwtzp0CmeGOiJRbJxbahkTFqh1oKqZXUDCZrKCNNRvXqN/QHqnawo6kJy
+8wIDAQAB
+-----END PUBLIC KEY-----
\ No newline at end of file
diff --git a/resources/application-secrets/populate_secrets.sh b/resources/application-secrets/populate_secrets.sh
index 2616349..3992946 100755
--- a/resources/application-secrets/populate_secrets.sh
+++ b/resources/application-secrets/populate_secrets.sh
@@ -22,6 +22,7 @@ kubectl create secret generic mds-client \
 # Control Center RBAC credential
 kubectl create secret generic c3-mds-client \
 --from-file=bearer.txt=./users/c3-mds-client.txt \
+--from-file=basic.txt=./users/c3-mds-client.txt \
 --dry-run=client --output=yaml > ../../kustomize/base/secrets/c3-mds-client.yaml
 # Connect RBAC credential
 kubectl create secret generic connect-mds-client \
@@ -40,4 +41,10 @@ kubectl create secret generic rest-credential \
 --from-file=bearer.txt=./users/bearer.txt \
 --from-file=basic.txt=./users/bearer.txt \
 --from-file=plain.txt=./users/bearer.txt \
---dry-run=client --output=yaml > ../../kustomize/base/secrets/rest-credential.yaml
\ No newline at end of file
+--dry-run=client --output=yaml > ../../kustomize/base/secrets/rest-credential.yaml
+
+# Confluent licensing
+kubectl create secret generic confluent-operator-licensing \
+--from-file=license.txt=./licensing/license-key.txt \
+--from-file=publicKey.pem=./licensing/license-pem.txt \
+--dry-run=client --output=yaml > ../../kustomize/base/secrets/confluent-license.yaml
\ No newline at end of file