From eac8a258e280157da31947edaec23639d5ae3d08 Mon Sep 17 00:00:00 2001 
From: Andrew McCully Date: Wed, 30 Jun 2021 15:34:11 +0100 Subject: [PATCH 01/10] commiting WIP of clean-up --- flux-system/gotk-sync.yaml | 4 +- resources/git/git_repo.sh => git_repo.sh | 0 kustomize/base/confluent/certificates.yaml | 108 - kustomize/base/confluent/control-centre.yaml | 34 +- kustomize/base/confluent/kafka-connect.yaml | 24 +- kustomize/base/confluent/kafka.yaml | 104 +- kustomize/base/confluent/ksqldb.yaml | 20 +- kustomize/base/confluent/kustomization.yaml | 1 - kustomize/base/confluent/rest-proxy.yaml | 192 - kustomize/base/confluent/schema-registry.yaml | 16 +- kustomize/base/confluent/zookeeper.yaml | 4 - .../base/operator/crds/kustomization.yaml | 13 - ...rm.confluent.io_confluentrolebindings.yaml | 249 - .../crds/platform.confluent.io_connects.yaml | 3103 ---------- .../platform.confluent.io_controlcenters.yaml | 3032 ---------- ...latform.confluent.io_kafkarestclasses.yaml | 361 -- .../crds/platform.confluent.io_kafkas.yaml | 4981 ----------------- .../platform.confluent.io_kafkatopics.yaml | 287 - .../crds/platform.confluent.io_ksqldbs.yaml | 2719 --------- .../platform.confluent.io_migrationjobs.yaml | 669 --- ...latform.confluent.io_schemaregistries.yaml | 2333 -------- .../platform.confluent.io_zookeepers.yaml | 1551 ----- kustomize/base/operator/kustomization.yaml | 5 - .../base/operator/resources/clusterrole.yaml | 116 - .../resources/clusterrolebinding.yaml | 19 - .../base/operator/resources/deployment.yaml | 95 - .../operator/resources/kustomization.yaml | 8 - .../base/operator/resources/service.yaml | 22 - .../operator/resources/serviceaccount.yaml | 14 - .../rolebindings/connect/connect-base.yaml | 44 - .../rolebindings/connect/connect-groups.yaml | 16 - .../rolebindings/connect/connect-topics.yaml | 25 - .../rolebindings/connect/kustomization.yaml | 7 - .../controlcenter/controlcentre-base.yaml | 9 - .../controlcenter/controlcentre-clusters.yaml | 35 - .../controlcenter/kustomization.yaml | 6 - 
.../base/rolebindings/ksqldb/ksqldb-base.yaml | 29 - .../rolebindings/ksqldb/ksqldb-cluster.yaml | 14 - .../rolebindings/ksqldb/ksqldb-groups.yaml | 13 - .../ksqldb/ksqldb-ksqlcluster.yaml | 16 - .../rolebindings/ksqldb/ksqldb-topics.yaml | 19 - .../ksqldb/ksqldb-transaction.yaml | 13 - .../rolebindings/ksqldb/kustomization.yaml | 10 - .../base/rolebindings/kustomization.yaml | 9 - .../ldap/groups/kustomization.yaml | 5 - .../rolebindings/ldap/groups/ldap-groups.yaml | 77 - .../base/rolebindings/ldap/kustomization.yaml | 5 - .../ldap/users/kustomization.yaml | 5 - .../rolebindings/ldap/users/ldap-users.yaml | 0 .../schemaregistry/kustomization.yaml | 7 - .../schemaregistry/schemaregistry-base.yaml | 33 - .../schemaregistry/schemaregistry-groups.yaml | 17 - .../schemaregistry/schemaregistry-topics.yaml | 14 - kustomize/base/secrets/c3-mds-client.yaml | 8 - kustomize/base/secrets/ca-pair.yaml | 8 - kustomize/base/secrets/confluent-license.yaml | 7 - .../base/secrets/connect-mds-client.yaml | 6 - kustomize/base/secrets/credential.yaml | 14 - kustomize/base/secrets/ksqldb-mds-client.yaml | 7 - kustomize/base/secrets/kustomization.yaml | 13 - kustomize/base/secrets/mds-client.yaml | 7 - kustomize/base/secrets/mds-token.yaml | 8 - kustomize/base/secrets/rest-credential.yaml | 9 - kustomize/base/secrets/sr-mds-client.yaml | 7 - kustomize/base/topics/example-topic.yaml | 7 - kustomize/base/topics/kustomization.yaml | 4 - kustomize/environments/dev/kafka.yaml | 11 - kustomize/environments/kustomization.yaml | 3 +- .../production/control-centre.yaml | 21 - .../production/example-topic.yaml | 14 - .../production/kafka-connect.yaml | 13 - kustomize/environments/production/kafka.yaml | 13 - kustomize/environments/production/ksqldb.yaml | 13 - .../production/kustomization.yaml | 10 - .../production/schema-registry.yaml | 17 - .../{dev => sandbox}/control-centre.yaml | 4 +- .../{dev => sandbox}/kafka-connect.yaml | 4 +- kustomize/environments/sandbox/kafka.yaml | 14 + 
.../environments/{dev => sandbox}/ksqldb.yaml | 4 +- .../{dev => sandbox}/kustomization.yaml | 0 .../{dev => sandbox}/schema-registry.yaml | 4 +- .../confluent-operator-credentials.yaml | 8 - ...luent-operator-helm-release-confluent.yaml | 5 +- .../confluent-operator-helm-release-dev.yaml | 17 - ...uent-operator-helm-release-production.yaml | 21 - kustomize/infrastructure/kustomization.yaml | 9 +- kustomize/infrastructure/ldap.yaml | 149 - kustomize/infrastructure/namespaces.yaml | 17 +- kustomize/infrastructure/proxy.yaml | 18 - resources/application-secrets/README.md | 2 - .../certs/mds-publickey.txt | 9 - .../certs/mds-tokenkeypair.txt | 27 - .../licensing/license-key.txt | 1 - .../licensing/license-pem.txt | 9 - .../application-secrets/populate_secrets.sh | 50 - .../application-secrets/users/bearer.txt | 2 - .../users/c3-mds-client.txt | 2 - .../users/connect-mds-client.txt | 2 - .../users/creds-client-kafka-sasl-user.txt | 2 - .../users/creds-control-center-users.txt | 3 - .../users/creds-kafka-sasl-users.json | 5 - .../creds-kafka-zookeeper-credentials.txt | 2 - .../creds-zookeeper-sasl-digest-users.json | 3 - .../users/ksqldb-mds-client.txt | 2 - resources/application-secrets/users/ldap.txt | 2 - .../users/sr-mds-client.txt | 2 - resources/certificates/base-ca-config.json | 26 - resources/certificates/base-ca-csr.json | 16 - .../certificates/base-server-domain.json | 19 - .../certificates/generate_certificate.sh | 26 - resources/certificates/replace_certificate.sh | 25 - 111 files changed, 54 insertions(+), 21189 deletions(-) rename resources/git/git_repo.sh => git_repo.sh (100%) delete mode 100644 kustomize/base/confluent/certificates.yaml delete mode 100644 kustomize/base/confluent/rest-proxy.yaml delete mode 100644 kustomize/base/operator/crds/kustomization.yaml delete mode 100644 kustomize/base/operator/crds/platform.confluent.io_confluentrolebindings.yaml delete mode 100644 kustomize/base/operator/crds/platform.confluent.io_connects.yaml delete mode 
100644 kustomize/base/operator/crds/platform.confluent.io_controlcenters.yaml delete mode 100644 kustomize/base/operator/crds/platform.confluent.io_kafkarestclasses.yaml delete mode 100644 kustomize/base/operator/crds/platform.confluent.io_kafkas.yaml delete mode 100644 kustomize/base/operator/crds/platform.confluent.io_kafkatopics.yaml delete mode 100644 kustomize/base/operator/crds/platform.confluent.io_ksqldbs.yaml delete mode 100644 kustomize/base/operator/crds/platform.confluent.io_migrationjobs.yaml delete mode 100644 kustomize/base/operator/crds/platform.confluent.io_schemaregistries.yaml delete mode 100644 kustomize/base/operator/crds/platform.confluent.io_zookeepers.yaml delete mode 100644 kustomize/base/operator/kustomization.yaml delete mode 100644 kustomize/base/operator/resources/clusterrole.yaml delete mode 100644 kustomize/base/operator/resources/clusterrolebinding.yaml delete mode 100644 kustomize/base/operator/resources/deployment.yaml delete mode 100644 kustomize/base/operator/resources/kustomization.yaml delete mode 100644 kustomize/base/operator/resources/service.yaml delete mode 100644 kustomize/base/operator/resources/serviceaccount.yaml delete mode 100644 kustomize/base/rolebindings/connect/connect-base.yaml delete mode 100644 kustomize/base/rolebindings/connect/connect-groups.yaml delete mode 100644 kustomize/base/rolebindings/connect/connect-topics.yaml delete mode 100644 kustomize/base/rolebindings/connect/kustomization.yaml delete mode 100644 kustomize/base/rolebindings/controlcenter/controlcentre-base.yaml delete mode 100644 kustomize/base/rolebindings/controlcenter/controlcentre-clusters.yaml delete mode 100644 kustomize/base/rolebindings/controlcenter/kustomization.yaml delete mode 100644 kustomize/base/rolebindings/ksqldb/ksqldb-base.yaml delete mode 100644 kustomize/base/rolebindings/ksqldb/ksqldb-cluster.yaml delete mode 100644 kustomize/base/rolebindings/ksqldb/ksqldb-groups.yaml delete mode 100644 
kustomize/base/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml delete mode 100644 kustomize/base/rolebindings/ksqldb/ksqldb-topics.yaml delete mode 100644 kustomize/base/rolebindings/ksqldb/ksqldb-transaction.yaml delete mode 100644 kustomize/base/rolebindings/ksqldb/kustomization.yaml delete mode 100644 kustomize/base/rolebindings/kustomization.yaml delete mode 100644 kustomize/base/rolebindings/ldap/groups/kustomization.yaml delete mode 100644 kustomize/base/rolebindings/ldap/groups/ldap-groups.yaml delete mode 100644 kustomize/base/rolebindings/ldap/kustomization.yaml delete mode 100644 kustomize/base/rolebindings/ldap/users/kustomization.yaml delete mode 100644 kustomize/base/rolebindings/ldap/users/ldap-users.yaml delete mode 100644 kustomize/base/rolebindings/schemaregistry/kustomization.yaml delete mode 100644 kustomize/base/rolebindings/schemaregistry/schemaregistry-base.yaml delete mode 100644 kustomize/base/rolebindings/schemaregistry/schemaregistry-groups.yaml delete mode 100644 kustomize/base/rolebindings/schemaregistry/schemaregistry-topics.yaml delete mode 100644 kustomize/base/secrets/c3-mds-client.yaml delete mode 100644 kustomize/base/secrets/ca-pair.yaml delete mode 100644 kustomize/base/secrets/confluent-license.yaml delete mode 100644 kustomize/base/secrets/connect-mds-client.yaml delete mode 100644 kustomize/base/secrets/credential.yaml delete mode 100644 kustomize/base/secrets/ksqldb-mds-client.yaml delete mode 100644 kustomize/base/secrets/kustomization.yaml delete mode 100644 kustomize/base/secrets/mds-client.yaml delete mode 100644 kustomize/base/secrets/mds-token.yaml delete mode 100644 kustomize/base/secrets/rest-credential.yaml delete mode 100644 kustomize/base/secrets/sr-mds-client.yaml delete mode 100644 kustomize/base/topics/example-topic.yaml delete mode 100644 kustomize/base/topics/kustomization.yaml delete mode 100644 kustomize/environments/dev/kafka.yaml delete mode 100644 kustomize/environments/production/control-centre.yaml delete 
mode 100644 kustomize/environments/production/example-topic.yaml delete mode 100644 kustomize/environments/production/kafka-connect.yaml delete mode 100644 kustomize/environments/production/kafka.yaml delete mode 100644 kustomize/environments/production/ksqldb.yaml delete mode 100644 kustomize/environments/production/kustomization.yaml delete mode 100644 kustomize/environments/production/schema-registry.yaml rename kustomize/environments/{dev => sandbox}/control-centre.yaml (53%) rename kustomize/environments/{dev => sandbox}/kafka-connect.yaml (51%) create mode 100644 kustomize/environments/sandbox/kafka.yaml rename kustomize/environments/{dev => sandbox}/ksqldb.yaml (50%) rename kustomize/environments/{dev => sandbox}/kustomization.yaml (100%) rename kustomize/environments/{dev => sandbox}/schema-registry.yaml (52%) delete mode 100644 kustomize/infrastructure/confluent-operator-credentials.yaml delete mode 100644 kustomize/infrastructure/confluent-operator-helm-release-dev.yaml delete mode 100644 kustomize/infrastructure/confluent-operator-helm-release-production.yaml delete mode 100644 kustomize/infrastructure/ldap.yaml delete mode 100644 kustomize/infrastructure/proxy.yaml delete mode 100644 resources/application-secrets/README.md delete mode 100644 resources/application-secrets/certs/mds-publickey.txt delete mode 100644 resources/application-secrets/certs/mds-tokenkeypair.txt delete mode 100644 resources/application-secrets/licensing/license-key.txt delete mode 100644 resources/application-secrets/licensing/license-pem.txt delete mode 100755 resources/application-secrets/populate_secrets.sh delete mode 100644 resources/application-secrets/users/bearer.txt delete mode 100644 resources/application-secrets/users/c3-mds-client.txt delete mode 100644 resources/application-secrets/users/connect-mds-client.txt delete mode 100644 resources/application-secrets/users/creds-client-kafka-sasl-user.txt delete mode 100644 
resources/application-secrets/users/creds-control-center-users.txt delete mode 100644 resources/application-secrets/users/creds-kafka-sasl-users.json delete mode 100644 resources/application-secrets/users/creds-kafka-zookeeper-credentials.txt delete mode 100644 resources/application-secrets/users/creds-zookeeper-sasl-digest-users.json delete mode 100644 resources/application-secrets/users/ksqldb-mds-client.txt delete mode 100644 resources/application-secrets/users/ldap.txt delete mode 100644 resources/application-secrets/users/sr-mds-client.txt delete mode 100644 resources/certificates/base-ca-config.json delete mode 100644 resources/certificates/base-ca-csr.json delete mode 100644 resources/certificates/base-server-domain.json delete mode 100755 resources/certificates/generate_certificate.sh delete mode 100755 resources/certificates/replace_certificate.sh diff --git a/flux-system/gotk-sync.yaml b/flux-system/gotk-sync.yaml index 25060d9..cbc4614 100644 --- a/flux-system/gotk-sync.yaml +++ b/flux-system/gotk-sync.yaml @@ -28,7 +28,7 @@ spec: - apiVersion: helm.toolkit.fluxcd.io/v1beta1 kind: HelmRelease name: confluent - namespace: dev + namespace: confluent validation: client --- apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 @@ -40,7 +40,7 @@ spec: dependsOn: - name: confluent-infra interval: 5m - path: ./kustomize/environments/dev + path: ./kustomize/environments/sandbox prune: true sourceRef: kind: GitRepository diff --git a/resources/git/git_repo.sh b/git_repo.sh similarity index 100% rename from resources/git/git_repo.sh rename to git_repo.sh diff --git a/kustomize/base/confluent/certificates.yaml b/kustomize/base/confluent/certificates.yaml deleted file mode 100644 index 5d34267..0000000 --- a/kustomize/base/confluent/certificates.yaml +++ /dev/null 
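Review bot: The health check in the first `gotk-sync.yaml` hunk now waits for HelmRelease `confluent` in namespace `confluent`, but the HelmRelease manifest is not part of this hunk, so nothing visible here shows that its `metadata.namespace` was moved as well. If the two disagree, the health check never passes and the Kustomization that `dependsOn` `confluent-infra` stays blocked. A comment on the `namespace:` line, for example `# must match metadata.namespace of the confluent HelmRelease under kustomize/infrastructure`, would make the coupling explicit. The enclosing `spec` begins above the hunk.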
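Review bot: Changing `path` to `./kustomize/environments/sandbox` in the second `gotk-sync.yaml` hunk while `prune: true` stays set means the first reconcile will garbage-collect every object this Kustomization applied from the `dev` overlay that the `sandbox` overlay no longer renders. That presumably includes the TLS and keystore Secrets this commit removes from `kustomize/base/confluent/certificates.yaml`, so replacement certificates need to be in place before this syncs. I would add a comment above the line: `# prune: true deletes anything no longer rendered from this path; confirm the sandbox overlay is complete before merging`. Deleting the Secret manifests does not remove the `tls.key` and `jksPassword.txt` values from git history, so that material should be treated as exposed and rotated. The Kustomization's `spec` starts and ends outside the hunk.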
@@ -1,108 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: ca-pair-sslcerts -type: kubernetes.io/tls -data: - tls.crt: 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 - tls.key: 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 ---- -apiVersion: v1 -kind: Secret -metadata: - name: connect-generated-jks -type: kubernetes.io/tls -data: - ca.crt: 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 - csr.pem: 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 - jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk - keystore.jks: /u3+7QAAAAIAAAACAAAAAQALY2VydGlmaWNhdGUAAAF5EtLmkQAABQEwggT9MA4GCisGAQQBKgIRAQEFAASCBOmHkf+k/dFm49XH1xNNe9kMfnhChmgsnsA/yxQZEJ70Bj3tTq1X5Q+hkKKP/HBvN2cqSMx6bMCQtLCarZuilLYBQ910wG7mMJXqJJFpFNRdN/3om4mKWKZeEgkjy+Evpo0rs7PFCVnA8lYgYYcgwwadm0cuhwxHsvyFnUwum+OTp47f/zjwG2+4YvMBWGR297Se0+KcCBRnunacRFAttiltr3SwgN7LA4WutRm8VYVLR2VmjmhfxmX91UVEmtJ5UM7X3Dl2i8ClroUTGZpAfqlEw0U7Edkhdl7Gcw5QjxHcUL7vXyrOP6zK8+h6Foi+1sdYsVmcGAftM2I4ugH9KIv8YG6eCVesqIE2I10Djer5d+qmYGO1H0525xU3y/PH06DFymA4fh0c74l9b96vPRCyydN2IjtnLi+c5IvgkwKMMjSd+1c4/MrO7JCwZBx2QkxSced0emiXDEW27DbC/KPCjPTzc6X81104om0/UqAoJ2QyGevPZL27T/AhD9N2HmNEm/IRKkDD45IWVOLmS1bB+gsmOwGsUtfykt3BPPSaiGPL9mfH3J/16QaS/NaHvvC0FEaQ43hz049W+B4W8OmPY2oRNW6J1AjVw+lh3XJtCbGN7DnVlwEV2V3eMMMqF4XZGSboFq23VvDdBM1ZqcwlH4p970AqHkTg9O+5X506dNLGpFHKJzN5JdSeY2AOzkZIxDwK17ofxR4brTWZvHKkUSXDYUJv2nMfp/IF3ZcfoFOMY72X0ojU16nf/RJejumAF4fQDKkeMGDfTmOYsL8ACNR/yl/YqAI+LBcBD2U36IYc/SBOKtjPZasH8P7d1Yk/o6b3gQNBO0EexVUIY6c4UJIL+MZYfyX0cv/xEV22dhkVU2QbTtmbKTVvs0tC8NuXhzklVQmf60mAhEoTUWmlOwpnn7/upX5OYiJjEtsupo3fB8aS6zl7bZhAxuPcU39R49oALk/+iuyffj2dW8bU0JmYCpUyhFc6F93GEKK2acK6kIPrhiZnQ+0giMNM4XWI8ioVmD2XFx2u58OBYCMF01TIOiWKWtBNWesqR84C0zZWH6NXNgSgbW1rOeUxSN9+MkTFHdrUxxr9klax1bji7WJzrzNNWhdV23qJyFUCnUBtPufwGa6KJQ1Y5MpS5gijnzH13GkOdRdoavEsiTgeXCxq64jX2FwhLmiogrge5rnNTGzFwqt3kc3OuHPxItkHzv0sXmcxWGkYPAn9ShUrXvlNPNLc/Br5+7XdcGgKVETLyvVno0eZKTTQ3fXeiuXFq/r4FXK1fVJdGpjpfKw6LgGnRe1fKSIeVL/8ydvZOFOknandg2hIHitYIPgeuVKT/SsLPzfA
7rbhSCV2nrYgviv/GUumL1jj06rtrvLNTFEXBcXYL3nXRixK72XkeUZ+MOLUQmsr+0SYcBPj0O7NrOCjRBRNEhGLinoyYiEKHiJ9tTZpWI8oAwUZ8guRjz78Lu7QdZS6UxVc/H8ObExQq/cYUkCHsoOvQm80xf2pkmKYUW69e33YjXxSKfk5Bhq49/0eRPyh36mUAdPbUdap+l1KP3gu9fg56CpXGzM0KpPA0Crd9gnVr1INvMoAcrYhwA8wZtLhFqV3LS/s3giOvKpxgoF8FFUflpoWQ2nEYdhAstRnVkrc8VPaLXUKQ/URjHiyapvndxwAAAABAARYNTA5AAAFHjCCBRowggMCoAMCAQICEQDuaKmy9452uDaLdOLVW0iDMA0GCSqGSIb3DQEBCwUAMEYxCzAJBgNVBAYTAkNIMQ4wDAYDVQQKDAVEdWZyeTEVMBMGA1UECwwMSW5zaWdodHMgUE9DMRAwDgYDVQQDDAdSb290IENBMB4XDTIxMDQyNzEwMTQ0MloXDTIyMDQyMjEwMTQ0MlowRjELMAkGA1UEBhMCQ0gxDjAMBgNVBAoTBUR1ZnJ5MRUwEwYDVQQLEwxJbnNpZ2h0cyBQT0MxEDAOBgNVBAMTB2Nvbm5lY3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEWm3I9dDvpF+wu2vD8WZhaNJxc2moXL6XvabHB+ZQhXGrFJ25PQY6+5XMDimheHWs+Vb0t+62pHrvKfVsZmDldAd1WgVRHfk29QuJQMk2k8kUJA/a1CVDh+daD7+Hodj86fJH1W6TkmIPyO7AanDCFlm8qijVjyaJU4s+rH7R52+kzECUrkJMnESiFLsD1Sd3/+WKAJXzW6PR4zC5bjbDUo3yQIXzNFkV8aF4aYhU5qcDWI0d+VyNDzDGQYAvDGcC5dhjdT27uaLxTbZg8WSjI2sda54z8OyoG9b0qN4AB3Ay1VWXHHKeH6/EbK31NTRn98uXUVmiX70ej+EmhlLBAgMBAAGjggEBMIH+MA4GA1UdDwEB/wQEAwICpDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADCBvgYDVR0RBIG2MIGzggdjb25uZWN0ghFjb25uZWN0LmNvbmZsdWVudIIVY29ubmVjdC5jb25mbHVlbnQuc3ZjgiNjb25uZWN0LmNvbmZsdWVudC5zdmMuY2x1c3Rlci5sb2NhbIITKi5jb25uZWN0LmNvbmZsdWVudIIlKi5jb25uZWN0LmNvbmZsdWVudC5zdmMuY2x1c3Rlci5sb2NhbIIdKi5jb25mbHVlbnQuc3ZjLmNsdXN0ZXIubG9jYWwwDQYJKoZIhvcNAQELBQADggIBAINqRb4iAE0vJ66Wvq+n3emjTv+PKNjmHn5mv4IGmubgWvoz4vLhmHxrfxHhYk81pZ5B48SWl9WyivmS523vSVrTDgjCI9Zawgblag8h+ZvxmkdkvD4M1r2gsyBaFhoERWGJb4mHvFovEtG9d9OL0ysGCpw67iOwYJf7xdPguw5oNLQVkXtzjUwAsSf8B89Rz+iisilBeGk+WzMDw91qhXb7CTFJ657400piFPI8Uj61Ua8tT5f41TojGY0Hf9DBSI9FsRtQWMmXAd1eo5jMJO2m8ui3CqEP0a/KQg/RB/v7iDtxaD5u9YYRpDf8l2UU+LmNKe7bfkhFH08uWkxSmrsMoG+8NqpJWZxw51pU5YuhZ2GZPmczQoYJsLyClUjd7+R4IpMJrjD0tfYYi4QtAjETNs3h4rIwNOXhFM1KQsJgJ0wVrYcGrLvYCiF6Q5IQUGU97Kj2jQUSk+kFEbk51jsg8HZuPREGB8IJ4X8bJOGptdc5e2i9NHih6k5U1VT7c1Ep7atWxjAY7mHNpfKyzxN7UlX223uE18jUptkGdUrcv4QN4oFmmak6+LWxFN0HQEAgKe3W/L5GUk4t+7Ka
nMAcccr7bsPAs6D+gaJRAQlee6d+SuW2UWCIQEmjNsr0pIuNX5AMnwrpRnGiUoWt11i8EWuDo0cKfiM81l+I86HSAAAAAgACY2EAAAF5EtLmkQAEWDUwOQAABQwwggUIMIIC8AIJAMApNakQCIjFMA0GCSqGSIb3DQEBCwUAMEYxCzAJBgNVBAYTAkNIMQ4wDAYDVQQKDAVEdWZyeTEVMBMGA1UECwwMSW5zaWdodHMgUE9DMRAwDgYDVQQDDAdSb290IENBMB4XDTIxMDQxOTIxMTU1MloXDTI0MDIwNzIxMTU1MlowRjELMAkGA1UEBhMCQ0gxDjAMBgNVBAoMBUR1ZnJ5MRUwEwYDVQQLDAxJbnNpZ2h0cyBQT0MxEDAOBgNVBAMMB1Jvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6yUJleNKZVlBwmcLVkZdJkamPEYny2umK4XpjYeBpaS0+w/e4TcZXOO+0AmfPvRylvik5kQre7db425AvD5eUOLlcfIO5JwsjIa/UnViZ5JFUBDiMJeEGKo1CrL7VhoAmmXYiewrUXCVaILhmgfB/IGxXrk8fy+IDYdys8FqEtKxwGBgniQykEWNdzp4TJlYU7p5g3/cZvwqZPdWGAF0PF+uVeuknAOMC5ZZZpnWDGw1t7h3YExdFyMAbBPM5u0GoQKupso23MpUs2QKjlU7ZJ0haaL3H2gP56mm4868yiuc13fZvwpbE8u5w/VlyGGtzAY5ZJgSSE2ssOGlf60pQUzh3oQZ0S/jIDiAjHgk3gy8FrqiczkdSZcaa+vQ6QGduyL9mTvtz+OYOQvnef+MbVXkFHeQue3TiHjGHKIrohM2Y1Hkc1J2XOEpP+p2d6ohigBUhC8cL/BQDcH4He66uG2v1rpwti/Jr1YEA0mBAMtxJcNrrMGW9o/Pte1E5owqRjhToUKfSvtrXavXngJhbCPGRg3ivt5vHD3CBVrQaREWwwZURn+8KIHircse+0C7iZFgFvWysxnXl9ROfQNCflEvrkXBOm3UFF+JQeFe41ZEPN2rKhFyKE/blhNY9zJbgBkYWy1MJkegr+xJLr78TvNWW+3dkqunJeE00jdAbewIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQB46hXABcCSj5cN1F4+i6810dEYU0Srrsf/QX3IIKazl3uIxbVfl1rfu6Rh7dMJYxgU/onYcYF1svwhmmeujizYg8fYTPRWBpj3k3qIGRkR0KU+yEYpyuUSSB4IDmAD4grbymX05cm1/ZTgMYvQsAYO6fzv7A8u4NFWSnhJ0TNVgZHHLljQiK6hiKnOmPUAnsT2De6XAaRae3Y2n/ulo3ACYQPeD8gch3LDd/JVscmA+OwWxGe4smCHAqz3lY/3Z9qAlie6iPpFOjhujrPrPXBi9DPLPFPWamBOGbQXKpI57K4n5/61y0ludzpp8y16WgMokF8A80M3ty5DxqBqPtFyqQoqd0486rFn8bpPKpHUwNCDmYGVtZXt6OgEBDCGejqvx81F6NVWaQRnsX4EsZJYnbE8bAZwQe6gO+0CNKhWWsQtJFWM4pQwXCJP2DtYCuV2RdZhnDufN+J++jcqEuNiY5ZkqHOTj7w2fJqyUjmMJN6/TAEQEnlfCPyZ7z/Ercy79VCPMgY7lsdNxN9c4Jlx1BNAjrl8DzIOJ1btk/YOfjIyTiasiMbG7eqP11rEqG+8IA6FvHJNl8JtyLVtYRTmhyFO7tywFfgyViWFinOK2x/Kd3IVov1aNfy6njL3Q/E47dIKW3SWW1/L81ccJlmPnpyYqnoVy1yU+iKm1MhGoi/Ja8QPuA/NAqzf3d5xdWvXJuUR - tls.crt: 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 - tls.key: 
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 - truststore.jks: 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 ---- -apiVersion: v1 -kind: Secret -metadata: - name: controlcenter-generated-jks -type: kubernetes.io/tls -data: - ca.crt: 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 - csr.pem: 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 - jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk - keystore.jks: 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 - tls.crt: 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 - tls.key: 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 - truststore.jks: /u3+7QAAAAIAAAABAAAAAgACY2EAAAF5EtLheQAEWDUwOQAABQwwggUIMIIC8AIJAMApNakQCIjFMA0GCSqGSIb3DQEBCwUAMEYxCzAJBgNVBAYTAkNIMQ4wDAYDVQQKDAVEdWZyeTEVMBMGA1UECwwMSW5zaWdodHMgUE9DMRAwDgYDVQQDDAdSb290IENBMB4XDTIxMDQxOTIxMTU1MloXDTI0MDIwNzIxMTU1MlowRjELMAkGA1UEBhMCQ0gxDjAMBgNVBAoMBUR1ZnJ5MRUwEwYDVQQLDAxJbnNpZ2h0cyBQT0MxEDAOBgNVBAMMB1Jvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6yUJleNKZVlBwmcLVkZdJkamPEYny2umK4XpjYeBpaS0+w/e4TcZXOO+0AmfPvRylvik5kQre7db425AvD5eUOLlcfIO5JwsjIa/UnViZ5JFUBDiMJeEGKo1CrL7VhoAmmXYiewrUXCVaILhmgfB/IGxXrk8fy+IDYdys8FqEtKxwGBgniQykEWNdzp4TJlYU7p5g3/cZvwqZPdWGAF0PF+uVeuknAOMC5ZZZpnWDGw1t7h3YExdFyMAbBPM5u0GoQKupso23MpUs2QKjlU7ZJ0haaL3H2gP56mm4868yiuc13fZvwpbE8u5w/VlyGGtzAY5ZJgSSE2ssOGlf60pQUzh3oQZ0S/jIDiAjHgk3gy8FrqiczkdSZcaa+vQ6QGduyL9mTvtz+OYOQvnef+MbVXkFHeQue3TiHjGHKIrohM2Y1Hkc1J2XOEpP+p2d6ohigBUhC8cL/BQDcH4He66uG2v1rpwti/Jr1YEA0mBAMtxJcNrrMGW9o/Pte1E5owqRjhToUKfSvtrXavXngJhbCPGRg3ivt5vHD3CBVrQaREWwwZURn+8KIHircse+0C7iZFgFvWysxnXl9ROfQNCflEvrkXBOm3UFF+JQeFe41ZEPN2rKhFyKE/blhNY9zJbgBkYWy1MJkegr+xJLr78TvNWW+3dkqunJeE00jdAbewIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQB46hXABcCSj5cN1F4+i6810dEYU0Srrsf/QX3IIKazl3uIxbVfl1rfu6Rh7dMJYxgU/onYcYF1svwhmmeujizYg8fYTPRWBpj3k3qIGRkR0KU+yEYpyuUSSB4IDmAD4grbymX05cm1/ZTgMYvQsAYO6fzv7A8u4NFWSnhJ0TNVgZHHLljQiK6hiKnOmPUAnsT2De6XAaRae3Y2n/ulo3ACYQPeD8gch3LDd/JVscmA+OwWxGe4smCHAqz3lY/3Z9qAlie6iPpFO
jhujrPrPXBi9DPLPFPWamBOGbQXKpI57K4n5/61y0ludzpp8y16WgMokF8A80M3ty5DxqBqPtFyqQoqd0486rFn8bpPKpHUwNCDmYGVtZXt6OgEBDCGejqvx81F6NVWaQRnsX4EsZJYnbE8bAZwQe6gO+0CNKhWWsQtJFWM4pQwXCJP2DtYCuV2RdZhnDufN+J++jcqEuNiY5ZkqHOTj7w2fJqyUjmMJN6/TAEQEnlfCPyZ7z/Ercy79VCPMgY7lsdNxN9c4Jlx1BNAjrl8DzIOJ1btk/YOfjIyTiasiMbG7eqP11rEqG+8IA6FvHJNl8JtyLVtYRTmhyFO7tywFfgyViWFinOK2x/Kd3IVov1aNfy6njL3Q/E47dIKW3SWW1/L81ccJlmPnpyYqnoVy1yU+iKm1MhGogKOqbvH8v+lhm8jipCdQ4N7IngA ---- -apiVersion: v1 -kind: Secret -metadata: - name: kafka-generated-jks -type: kubernetes.io/tls -data: - ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZDRENDQXZBQ0NRREFLVFdwRUFpSXhUQU5CZ2txaGtpRzl3MEJBUXNGQURCR01Rc3dDUVlEVlFRR0V3SkQKU0RFT01Bd0dBMVVFQ2d3RlJIVm1jbmt4RlRBVEJnTlZCQXNNREVsdWMybG5hSFJ6SUZCUFF6RVFNQTRHQTFVRQpBd3dIVW05dmRDQkRRVEFlRncweU1UQTBNVGt5TVRFMU5USmFGdzB5TkRBeU1EY3lNVEUxTlRKYU1FWXhDekFKCkJnTlZCQVlUQWtOSU1RNHdEQVlEVlFRS0RBVkVkV1p5ZVRFVk1CTUdBMVVFQ3d3TVNXNXphV2RvZEhNZ1VFOUQKTVJBd0RnWURWUVFEREFkU2IyOTBJRU5CTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQwpBZ0VBdXNsQ1pYalNtVlpRY0puQzFaR1hTWkdwanhHSjh0cnBpdUY2WTJIZ2FXa3RQc1AzdUUzR1Z6anZ0QUpuCno3MGNwYjRwT1pFSzN1M1crTnVRTHcrWGxEaTVYSHlEdVNjTEl5R3YxSjFZbWVTUlZBUTRqQ1hoQmlxTlFxeSsKMVlhQUpwbDJJbnNLMUZ3bFdpQzRab0h3ZnlCc1Y2NVBIOHZpQTJIY3JQQmFoTFNzY0JnWUo0a01wQkZqWGM2ZQpFeVpXRk82ZVlOLzNHYjhLbVQzVmhnQmREeGZybFhycEp3RGpBdVdXV2FaMWd4c05iZTRkMkJNWFJjakFHd1R6Ck9idEJxRUNycWJLTnR6S1ZMTmtDbzVWTzJTZElXbWk5eDlvRCtlcHB1UE92TW9ybk5kMzJiOEtXeFBMdWNQMVoKY2hocmN3R09XU1lFa2hOckxEaHBYK3RLVUZNNGQ2RUdkRXY0eUE0Z0l4NEpONE12QmE2b25NNUhVbVhHbXZyMApPa0JuYnNpL1prNzdjL2ptRGtMNTNuL2pHMVY1QlIza0xudDA0aDR4aHlpSzZJVE5tTlI1SE5TZGx6aEtUL3FkCm5lcUlZb0FWSVF2SEMvd1VBM0IrQjN1dXJodHI5YTZjTFl2eWE5V0JBTkpnUURMY1NYRGE2ekJsdmFQejdYdFIKT2FNS2tZNFU2RkNuMHI3YTEycjE1NENZV3dqeGtZTjRyN2VieHc5d2dWYTBHa1JGc01HVkVaL3ZDaUI0cTNMSAp2dEF1NG1SWUJiMXNyTVoxNWZVVG4wRFFuNVJMNjVGd1RwdDFCUmZpVUhoWHVOV1JEemRxeW9SY2loUDI1WVRXClBjeVc0QVpHRnN0VENaSG9LL3NTUzYrL0U3elZsdnQzWktycHlYaE5OSTNRRzNzQ0F3RUFBVEFOQmdrcWhraUcKOXcwQkFRc0ZBQU9D
QWdFQWVPb1Z3QVhBa28rWERkUmVQb3V2TmRIUkdGTkVxNjdILzBGOXlDQ21zNWQ3aU1XMQpYNWRhMzd1a1llM1RDV01ZRlA2SjJIR0JkYkw4SVpwbnJvNHMySVBIMkV6MFZnYVk5NU42aUJrWkVkQ2xQc2hHCktjcmxFa2dlQ0E1Z0ErSUsyOHBsOU9YSnRmMlU0REdMMExBR0R1bjg3K3dQTHVEUlZrcDRTZEV6VllHUnh5NVkKMElpdW9ZaXB6cGoxQUo3RTlnM3Vsd0drV250Mk5wLzdwYU53QW1FRDNnL0lISWR5dzNmeVZiSEpnUGpzRnNSbgp1TEpnaHdLczk1V1A5MmZhZ0pZbnVvajZSVG80Ym82ejZ6MXdZdlF6eXp4VDFtcGdUaG0wRnlxU09leXVKK2YrCnRjdEpibmM2YWZNdGVsb0RLSkJmQVBORE43Y3VROGFnYWo3UmNxa0tLbmRPUE9xeFovRzZUeXFSMU1EUWc1bUIKbGJXVjdlam9CQVF3aG5vNnI4Zk5SZWpWVm1rRVo3RitCTEdTV0oyeFBHd0djRUh1b0R2dEFqU29WbHJFTFNSVgpqT0tVTUZ3aVQ5ZzdXQXJsZGtYV1ladzduemZpZnZvM0toTGpZbU9XWktoems0KzhObnlhc2xJNWpDVGV2MHdCCkVCSjVYd2o4bWU4L3hLM011L1ZRanpJR081YkhUY1RmWE9DWmNkUVRRSTY1ZkE4eURpZFc3WlAyRG40eU1rNG0KcklqR3h1M3FqOWRheEtodnZDQU9oYnh5VFpmQ2JjaTFiV0VVNW9jaFR1N2NzQlg0TWxZbGhZcHppdHNmeW5keQpGYUw5V2pYOHVwNHk5MFB4T08zU0NsdDBsbHRmeS9OWEhDWlpqNTZjbUtwNkZjdGNsUG9pcHRUSVJxST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - csr.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJRFV6Q0NBanNDQVFBd1JERUxNQWtHQTFVRUJoTUNRMGd4RGpBTUJnTlZCQW9UQlVSMVpuSjVNUlV3RXdZRApWUVFMRXd4SmJuTnBaMmgwY3lCUVQwTXhEakFNQmdOVkJBTVRCV3RoWm10aE1JSUJJakFOQmdrcWhraUc5dzBCCkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQWxnaUVnQUszSDY4MXBuaGtmaTV6YURGSC9jTVdOODd1TVowQ3dBQ1YKOEsxcnl2YTQ1cG9heWlyeDBrSTFxKyt5VWk0dkRvemQwY2NsdXJ6aVNyU2c0SHFTSUxsSW9UZ0p6aHBkdkVMOQpnMkpRVkxUeGZGSTNneTZyMG9uQlU4TTRTSlI5R3JONUhzUDNxYVYzRzdHOEJnS0FDbzNuK283QThtRnpLUzhICjJubExMbHNzalRuY0tCZHlWNzF3NFpwa2I4V0h6VnJyWUhMd1VMSzhwekVOWjYwdnhMalorQnp1R2I5MDNYVkoKdmVpQkw4M2JVRUp1VjZNSzc1S1hHTUkyKzJEajYrQTVUaEpGdSt6M3FDbGZLOFJpWUhsSjdQV1g3d0pwOVp4Twp5TmlPUThYTzM1RmZ3N09IQklETmNWWWNkNHVIN3pTcUxDdnczeHBtekVJU1RRSURBUUFCb0lISk1JSEdCZ2txCmhraUc5dzBCQ1E0eGdiZ3dnYlV3Z2JJR0ExVWRFUVNCcWpDQnA0SUZhMkZtYTJHQ0QydGhabXRoTG1OdmJtWnMKZFdWdWRJSVRhMkZtYTJFdVkyOXVabXgxWlc1MExuTjJZNEloYTJGbWEyRXVZMjl1Wm14MVpXNTBMbk4yWXk1agpiSFZ6ZEdWeUxteHZZMkZzZ2hFcUxtdGhabXRoTG1OdmJtWnNkV1Z1ZElJaktpNXJZV1pyWVM1amIyNW1iSFZsCmJuUXVjM1pqTG1Oc2RY
TjBaWEl1Ykc5allXeUNIU291WTI5dVpteDFaVzUwTG5OMll5NWpiSFZ6ZEdWeUxteHYKWTJGc01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQjJ2UEhDY3RrRFVORlpiUi8wcTRGM055QXc5WEVOaThBMApwQWNjamtmc2k1bnRWY3VBVGwvWmoyMlhIc3RxdjB5Nm1MMC9TdjZmK0dRdFUzOEdCVnhXS25tOVhlb0FVSjJQCllhRFdHc3Z5aDQ5a3NYZkhVbnhxTDJOZEdKRWpqdlJTNG5xMHVwQTNtUU4remdpd0VHQ3FEanhZK1BxUUZ5YkwKWHJGbVJBUUR2SzNLcFlmZENOOFZ3bzhwbUo0a3JiOUJXRTFNNmNiQUZUUFRMT2E0VTBaOUdvcVRMdlBiT2dqcwpBUHhwejZSeHJXR3VnKzQwb1VLL2IrK3N6Rjk5Vm9ZM0s1SDcwTEhVOTVSaFBVbTRFakR0eTVDVkxEVnAydTZJClk1SERReDZzVmhlQ0xpcUdydUtka1lGQkU2NUJKOTRFdERnTHhHNi82bk52SVpBa1NidGcKLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg== - jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk - keystore.jks: /u3+7QAAAAIAAAACAAAAAQALY2VydGlmaWNhdGUAAAF5ErDMNQAABQIwggT+MA4GCisGAQQBKgIRAQEFAASCBOoBANW4I6IZvIFa4JaoHzuQDlcZg91sQNAv9fhhDGtSf/AddlKCI0dgPljcjVPQFGXpe4vTMoec3twlAisp4gDZVpJAKaV3UMmANK/f8f6Nit2CHVebzNk+G4t3m0QA+4p0hvv36DeMknzyjp+iWvuJAAWPNQWRYCY+Ph7jjXXyjwIynY4e2GgM0Jb831kJds47USnHWAoyVNs+eEmu7HpbU4RlfgxNA/07J52r0x8hzPucAnjOujaAveJaDiKmnqdJT0j5iKGIisKdtc2RQOrTJRLr6tHqu0kHuP8c77M3LkFaNMTex9MoGh/SmCccHOmR20DAUCm7Xn6KQVXqBeGQTZZfBUbMA4VXJFXQF3YmncwERupjT50nUpFlL+hMAWww4Tl9UolaVp+GrR+j6l+yfaCDkbBFRUDXZOO/+IedN7agBn+YvpK5VV6Ak6Vuw/wXxBQQdrhxX+h8c5Ka4h/ELblCYf0A4rsZaAzpOVSbet0nBWD2uE6ERsdHjpzWyOtr2nyfI6dRrmGRYlcdENy+XSaaRpvhaiRUf5DUwSG8w7On/FDJrbvRuiyJRCJh5U25+wUUD3veDcEMqbIZ0cC1ISvg4bS0BMoYvVga2m4xlktEu5cuMut1rdRmHwDyofcg7geULxrZfvtKDx/OXcuSr/ag9oXhN4z+jzbE0+tKWiVmghgm7uDTaIjl5LnuxauIBuPl0kk2+tGqBrKcIyMbboZHfH0Zz4w6cZ93ediXfJJ9+mKGIFV0S5CCzzbaSr+t9PKtdnaLdkWLY3dyr50o0zyeizX8XoswTZ+fKd8ZZOnxDXm6NVkxIJUJZOyJtV8siJm2eqih3k0ujkzutlZYUAGkGG6BIQHjjyENXUiNhlRUsMYDniDSqrRT8vDrhgRqQk1U14cYb53WbGMwCJd6zicD1TiTzmiwriH5egYdEg7/uNbMdFZ3u1WvpPO3av1fDkL7CUWosIDY3RXFyK2tafAI4uGSnHZ+NV9kZ9RA5KcL3HXs1ZQNRFRq83WxCsAS54AbEJHyt1TZvmooD53J9mVQZDChW37pB/M64zXMSVeujB+vSvupVUQVQ1i3AsPbrujp397H3ShUdBUg5mcTSV8i9noxoYq3TRO2d+5GnmqhOM0h9lRWIA7pn7TBOyQQfx+NPmi1BwMqKCCT4UXS11FLmAZiak7nJVKgYrDjD2y+KU2o7cTbyDXfj8c687rk8ha
Py6Pfly+bwzs06lWYxxVEFDWjQkjwAtSMU3P8yc+TCi+cO487z5UaSBWoadFFQuSliKx5jaqTRNL9+0Riun9TYY7+CLXlAvLSct/QOE4ivONmAObOlMq9Oq3bqWmtlJ0VoX1X7eJV6dVRyugGiLaC5qrtBq3XWScGlKqTRRtQ1VJx71uz3YKi4JUqVbJmUpabtWTStxaolWJqiqYxqu8FEFbPOn5ft8koOWDP9oVJgXQ8oJiW5hXJ7OF3pxPlg1LXTJGanU1Bcy7gYt7pzQhYAMb2EEDGBl5i8v5Q52nIGhZowPybCp2+GIGj64MQfnUrg8NAAHejmgrm+TCcWtZhNsqA4/UZejLsq+LTWUsjrVVRCHSZTPUDtGOdTJdtDQW2ewfNQW3tDZEYBgTZy5rYrBM/ONzFQ+FtEWIw0AfSeBwyvuAHSjLK+qa81s2LMy72ZNnbbWcHAAAAAQAEWDUwOQAABQ8wggULMIIC86ADAgECAhEAw0UgqDhhKhtWERN8lkh/mTANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJDSDEOMAwGA1UECgwFRHVmcnkxFTATBgNVBAsMDEluc2lnaHRzIFBPQzEQMA4GA1UEAwwHUm9vdCBDQTAeFw0yMTA0MjcwOTM3MjdaFw0yMjA0MjIwOTM3MjdaMEQxCzAJBgNVBAYTAkNIMQ4wDAYDVQQKEwVEdWZyeTEVMBMGA1UECxMMSW5zaWdodHMgUE9DMQ4wDAYDVQQDEwVrYWZrYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJYIhIACtx+vNaZ4ZH4uc2gxR/3DFjfO7jGdAsAAlfCta8r2uOaaGsoq8dJCNavvslIuLw6M3dHHJbq84kq0oOB6kiC5SKE4Cc4aXbxC/YNiUFS08XxSN4Muq9KJwVPDOEiUfRqzeR7D96mldxuxvAYCgAqN5/qOwPJhcykvB9p5Sy5bLI053CgXcle9cOGaZG/Fh81a62By8FCyvKcxDWetL8S42fgc7hm/dN11Sb3ogS/N21BCblejCu+SlxjCNvtg4+vgOU4SRbvs96gpXyvEYmB5Sez1l+8CafWcTsjYjkPFzt+RX8OzhwSAzXFWHHeLh+80qiwr8N8aZsxCEk0CAwEAAaOB9TCB8jAOBgNVHQ8BAf8EBAMCAqQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwgbIGA1UdEQSBqjCBp4IFa2Fma2GCD2thZmthLmNvbmZsdWVudIITa2Fma2EuY29uZmx1ZW50LnN2Y4Iha2Fma2EuY29uZmx1ZW50LnN2Yy5jbHVzdGVyLmxvY2FsghEqLmthZmthLmNvbmZsdWVudIIjKi5rYWZrYS5jb25mbHVlbnQuc3ZjLmNsdXN0ZXIubG9jYWyCHSouY29uZmx1ZW50LnN2Yy5jbHVzdGVyLmxvY2FsMA0GCSqGSIb3DQEBCwUAA4ICAQBi/cIE48RiWD1DkdnskBFIrurORqWn6WsURj1GEduOWnJaTNmmdhZTNK9Rdw3N8p+bRw9O8P+qhZZuJiUMnt2mC7RvKKReQEfWIQA95/G9jxiz+Njo/z3Pxo0xmmC8Q2393jpq4cn26myETtrrlvureqaaBLNeOwP/xfI0/TccXa4yQHkLma9FDhgzK5fFDXo6BGhOjh7m+Yp4drul53zJQD+7Su2WxdxGpdhDH15T7k34RCJqJEHp4flukSkmJfoXwIL6Wq1PWNDJcVROnZ3ScoLS/VaoV2HyjdYkqrv8dnY6VgvycsAGhb3iiVcKBrIomMYwzB4SmGGqL7i1z1vJxVUfsVzbzfA4IGuL8HY6QMa96Qexj2IxwPwmXfjpCAw4y63k7TlfEZtf4PXc+FfLUSpR+XvfpZFd5ON8VtucH/4AWD2D+XxGrESudfLfzb8uTUE6KlVBgV23rsBJaOXX/SF345UxCRT
6/tiZp3WZ7YyJsix3v8qJIyqRj72eAb1Ju5Ii8A6MV1HX4UsnALCAbr+v24l2InZSzZu47K5RD8EjyGcBVrXXDf9WhrMGflX+ht505EVFCDazYEKovUTItssh7Ta+x8Myf7O3sthJJYY6rPUgoJRgKWkEOibCFz5XiK3K62Bg1N95Tnxkp1yTrIIwUCh55sGbob5Z8ispIgAAAAIAAmNhAAABeRKwzDUABFg1MDkAAAUMMIIFCDCCAvACCQDAKTWpEAiIxTANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJDSDEOMAwGA1UECgwFRHVmcnkxFTATBgNVBAsMDEluc2lnaHRzIFBPQzEQMA4GA1UEAwwHUm9vdCBDQTAeFw0yMTA0MTkyMTE1NTJaFw0yNDAyMDcyMTE1NTJaMEYxCzAJBgNVBAYTAkNIMQ4wDAYDVQQKDAVEdWZyeTEVMBMGA1UECwwMSW5zaWdodHMgUE9DMRAwDgYDVQQDDAdSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuslCZXjSmVZQcJnC1ZGXSZGpjxGJ8trpiuF6Y2HgaWktPsP3uE3GVzjvtAJnz70cpb4pOZEK3u3W+NuQLw+XlDi5XHyDuScLIyGv1J1YmeSRVAQ4jCXhBiqNQqy+1YaAJpl2InsK1FwlWiC4ZoHwfyBsV65PH8viA2HcrPBahLSscBgYJ4kMpBFjXc6eEyZWFO6eYN/3Gb8KmT3VhgBdDxfrlXrpJwDjAuWWWaZ1gxsNbe4d2BMXRcjAGwTzObtBqECrqbKNtzKVLNkCo5VO2SdIWmi9x9oD+eppuPOvMornNd32b8KWxPLucP1ZchhrcwGOWSYEkhNrLDhpX+tKUFM4d6EGdEv4yA4gIx4JN4MvBa6onM5HUmXGmvr0OkBnbsi/Zk77c/jmDkL53n/jG1V5BR3kLnt04h4xhyiK6ITNmNR5HNSdlzhKT/qdneqIYoAVIQvHC/wUA3B+B3uurhtr9a6cLYvya9WBANJgQDLcSXDa6zBlvaPz7XtROaMKkY4U6FCn0r7a12r154CYWwjxkYN4r7ebxw9wgVa0GkRFsMGVEZ/vCiB4q3LHvtAu4mRYBb1srMZ15fUTn0DQn5RL65FwTpt1BRfiUHhXuNWRDzdqyoRcihP25YTWPcyW4AZGFstTCZHoK/sSS6+/E7zVlvt3ZKrpyXhNNI3QG3sCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAeOoVwAXAko+XDdRePouvNdHRGFNEq67H/0F9yCCms5d7iMW1X5da37ukYe3TCWMYFP6J2HGBdbL8IZpnro4s2IPH2Ez0VgaY95N6iBkZEdClPshGKcrlEkgeCA5gA+IK28pl9OXJtf2U4DGL0LAGDun87+wPLuDRVkp4SdEzVYGRxy5Y0IiuoYipzpj1AJ7E9g3ulwGkWnt2Np/7paNwAmED3g/IHIdyw3fyVbHJgPjsFsRnuLJghwKs95WP92fagJYnuoj6RTo4bo6z6z1wYvQzyzxT1mpgThm0FyqSOeyuJ+f+tctJbnc6afMteloDKJBfAPNDN7cuQ8agaj7RcqkKKndOPOqxZ/G6TyqR1MDQg5mBlbWV7ejoBAQwhno6r8fNRejVVmkEZ7F+BLGSWJ2xPGwGcEHuoDvtAjSoVlrELSRVjOKUMFwiT9g7WArldkXWYZw7nzfifvo3KhLjYmOWZKhzk4+8NnyaslI5jCTev0wBEBJ5Xwj8me8/xK3Mu/VQjzIGO5bHTcTfXOCZcdQTQI65fA8yDidW7ZP2Dn4yMk4mrIjGxu3qj9daxKhvvCAOhbxyTZfCbci1bWEU5ochTu7csBX4MlYlhYpzitsfyndyFaL9WjX8up4y90PxOO3SClt0lltfy/NXHCZZj56cmKp6FctclPoiptTIRqJVPK9nxNuoZ39mkA+Xi/FSlKVL/Q== - 
tls.crt: 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 - tls.key: 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 - truststore.jks: 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 ---- -apiVersion: v1 -kind: Secret -metadata: - name: ksqldb-generated-jks -type: kubernetes.io/tls -data: - ca.crt: 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 - csr.pem: 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 - jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk - keystore.jks: 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 - tls.crt: 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 - tls.key: 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 - truststore.jks: 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 ---- -apiVersion: v1 -kind: Secret -metadata: - name: registry-generated-jks -type: kubernetes.io/tls -data: - ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZDRENDQXZBQ0NRREFLVFdwRUFpSXhUQU5CZ2txaGtpRzl3MEJBUXNGQURCR01Rc3dDUVlEVlFRR0V3SkQKU0RFT01Bd0dBMVVFQ2d3RlJIVm1jbmt4RlRBVEJnTlZCQXNNREVsdWMybG5hSFJ6SUZCUFF6RVFNQTRHQTFVRQpBd3dIVW05dmRDQkRRVEFlRncweU1UQTBNVGt5TVRFMU5USmFGdzB5TkRBeU1EY3lNVEUxTlRKYU1FWXhDekFKCkJnTlZCQVlUQWtOSU1RNHdEQVlEVlFRS0RBVkVkV1p5ZVRFVk1CTUdBMVVFQ3d3TVNXNXphV2RvZEhNZ1VFOUQKTVJBd0RnWURWUVFEREFkU2IyOTBJRU5CTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQwpBZ0VBdXNsQ1pYalNtVlpRY0puQzFaR1hTWkdwanhHSjh0cnBpdUY2WTJIZ2FXa3RQc1AzdUUzR1Z6anZ0QUpuCno3MGNwYjRwT1pFSzN1M1crTnVRTHcrWGxEaTVYSHlEdVNjTEl5R3YxSjFZbWVTUlZBUTRqQ1hoQmlxTlFxeSsKMVlhQUpwbDJJbnNLMUZ3bFdpQzRab0h3ZnlCc1Y2NVBIOHZpQTJIY3JQQmFoTFNzY0JnWUo0a01wQkZqWGM2ZQpFeVpXRk82ZVlOLzNHYjhLbVQzVmhnQmREeGZybFhycEp3RGpBdVdXV2FaMWd4c05iZTRkMkJNWFJjakFHd1R6Ck9idEJxRUNycWJLTnR6S1ZMTmtDbzVWTzJTZElXbWk5eDlvRCtlcHB1UE92TW9ybk5kMzJiOEtXeFBMdWNQMVoKY2hocmN3R09XU1lFa2hOckxEaHBYK3RLVUZNNGQ2RUdkRXY0eUE0Z0l4NEpONE12QmE2b25NNUhVbVhHbXZyMApPa0JuYnNpL1prNzdjL2ptRGtMNTNuL2pHMVY1QlIza0xudDA0aDR4aHlpSzZJVE5tTlI1SE5TZGx6aEtUL3FkCm5lcUlZb0FWSVF2SEMvd1VBM0IrQjN1dXJodHI5Y
TZjTFl2eWE5V0JBTkpnUURMY1NYRGE2ekJsdmFQejdYdFIKT2FNS2tZNFU2RkNuMHI3YTEycjE1NENZV3dqeGtZTjRyN2VieHc5d2dWYTBHa1JGc01HVkVaL3ZDaUI0cTNMSAp2dEF1NG1SWUJiMXNyTVoxNWZVVG4wRFFuNVJMNjVGd1RwdDFCUmZpVUhoWHVOV1JEemRxeW9SY2loUDI1WVRXClBjeVc0QVpHRnN0VENaSG9LL3NTUzYrL0U3elZsdnQzWktycHlYaE5OSTNRRzNzQ0F3RUFBVEFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQWdFQWVPb1Z3QVhBa28rWERkUmVQb3V2TmRIUkdGTkVxNjdILzBGOXlDQ21zNWQ3aU1XMQpYNWRhMzd1a1llM1RDV01ZRlA2SjJIR0JkYkw4SVpwbnJvNHMySVBIMkV6MFZnYVk5NU42aUJrWkVkQ2xQc2hHCktjcmxFa2dlQ0E1Z0ErSUsyOHBsOU9YSnRmMlU0REdMMExBR0R1bjg3K3dQTHVEUlZrcDRTZEV6VllHUnh5NVkKMElpdW9ZaXB6cGoxQUo3RTlnM3Vsd0drV250Mk5wLzdwYU53QW1FRDNnL0lISWR5dzNmeVZiSEpnUGpzRnNSbgp1TEpnaHdLczk1V1A5MmZhZ0pZbnVvajZSVG80Ym82ejZ6MXdZdlF6eXp4VDFtcGdUaG0wRnlxU09leXVKK2YrCnRjdEpibmM2YWZNdGVsb0RLSkJmQVBORE43Y3VROGFnYWo3UmNxa0tLbmRPUE9xeFovRzZUeXFSMU1EUWc1bUIKbGJXVjdlam9CQVF3aG5vNnI4Zk5SZWpWVm1rRVo3RitCTEdTV0oyeFBHd0djRUh1b0R2dEFqU29WbHJFTFNSVgpqT0tVTUZ3aVQ5ZzdXQXJsZGtYV1ladzduemZpZnZvM0toTGpZbU9XWktoems0KzhObnlhc2xJNWpDVGV2MHdCCkVCSjVYd2o4bWU4L3hLM011L1ZRanpJR081YkhUY1RmWE9DWmNkUVRRSTY1ZkE4eURpZFc3WlAyRG40eU1rNG0KcklqR3h1M3FqOWRheEtodnZDQU9oYnh5VFpmQ2JjaTFiV0VVNW9jaFR1N2NzQlg0TWxZbGhZcHppdHNmeW5keQpGYUw5V2pYOHVwNHk5MFB4T08zU0NsdDBsbHRmeS9OWEhDWlpqNTZjbUtwNkZjdGNsUG9pcHRUSVJxST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - csr.pem: 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 - jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk - keystore.jks: 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 - tls.crt: 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 - tls.key: 
LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRREp6NGlxb3FLK1JrN08KUThmS21hN3ZDUHFDMm00QURuNXZGRlFrSE5uVjdpcWFvQU9aa2Z3dzQ3YVFmMU5acWg3VUppb0RzdUE0eVlqMQpVWkswLzhQNE9TUEpwMWhNL2FjbUxvSlk5S1lOaXlzd25qSTZaMWluc3UybTdtQm9JODdzcUZhZkxMc1dlbmtmCnJ3Ym1zbTJNR2NZcUlpREJLV3gvMHVBVWNvbVZyMGRlS3ZFRURmSHRrMzl2M0tBSXEvQXRmbnZlS0xtYzlQQWUKdGFyalVvNVlWc0FsMmlOZDF0czlmVVoxVGZxQWZqc2diT2lGaEMybDY3ekpTNlZhWS9oVkJXM0hJODJLZEpOWAo5d2ZudlUzcEppWGl5aXRrL3RZMG50eXhIL0pCdFYzcE5Qd2FBS3pqM2xEM2tyZTFBdUxvOVdDV0FJY1NVUWhTCkNsSmZIVDRsQWdNQkFBRUNnZ0VCQUx5aVdmSjFObjE0Sm0weWVldHNIMUdiS04xcTRtcjNJVU1lMDA4MkVIK2cKc1AzN0Y2SlNERkorWnNWRjNsanZaUVdUN3EycVkxOXhNYTFzWkI3Kyt1Um9OSVZuQUdobXAvaE9mTlE5U1lGYgpWakdKalJWK1NDWG9YNjhySGIzNXlvNzNBcENpTlBYYjRKKzI4Rkp1OFdxRkpPOTVHdml5aVpJcFAvNmMyUEdwClRMVUx2OWdTOFNwd0I2aUtkQ0lZUnNBdHI1TUhRNjFDcGM4MUxsMGYrUzRlVmw0QXlMbUI3eC9oMVBoWTNScTgKU2E0N0w0VEpEclJCbmdZMzh5YjE0VHFvdWZERkpaK3lDMjJlOWx1VXArMWxMVjE2MXR2YWNxdElZV0dlTzNZNgpFNm9uZmZUcTFRdXZvbzhzdklEcFdmSzQ4TjNtYm5xN09lMk1BNzdoajRFQ2dZRUExQ29icFptSTdwczV5cVl5Ck1LL2JtSXhBUU5yQnVjVWtzSXExcE5PV2JCa28yVFZ6dG1PTWcrSTMxUlJEZXZ3WlZBa1ZoZmpXV1ZWR3NDbnMKWjI4eG1Pd2I3TXNYSi9ycFJyOHZyQWdpQURvbHNjK2dwbnRYVGpaZy9OWk5rOEVRbGFEMTJHb0lqZEdXc05pcAptWEJOU05TcTU4d2c1d1o1N2l3eDVqNGN6UEVDZ1lFQTg0SEp3R1dOTlFOY2grVGhGZkFwRTU0L3d0Wnd6eEFoCkFoUnprM3FtYzV6SW1abW5yc0V4aWtaWTBsMlpJWmxWYmgwdUZyTXcwY3N5dFoyUkdidVZzeEJPNUxMZXFLcVoKeFU1RjZLbkxBM1NHSVNzT254WmRZRVNydzR2QmZWbXVJSTBTR09Edm5Pem1TVDVNVnFkUGRsK0krOVRpVXNFTgpvc3lsNkxYODFIVUNnWUJDVzlFOTRHRzF6NU1wMFFXTnVOTkVTVW1uZjBSc2FEN3JnTmNEY0xKeHFRVGZ1eG93CkI3N2hXUllCYlU4VjNsZkZzdm1xWjRRVGVOcWRLdCtvRWwwKzZVcHFxN0xZYkdBZUlwbzBnbTZ3QjMvV3Q0d1YKeGlvdWFrKzNoUWZLbU80by9xa21RVFBmdDVnY1JBZjMxK28wUjJBVkZBR09nTFlPU29CbzlUQm80UUtCZ0NlZQplMXZ4YWVzeE05SHNmRzdjVjJLWXdka0ttT29udnFjZStyc0pIcUg2NVd5UVlvYjlhZmtNZnhFakozSWZCNVpWCjZ4VEliTzRGZUtleURsUzRmNS9WekhCTFpnemRUUTJjTWFXc1VwcXFUOVIvcys1UWJqcm1rV2ZNaWx2QnhxSUgKTWVXWVc0UVZ5MVlwYTdSQm5wMHM2QlhKU2xXYWtZUm1kYXdLU0N1dEFv
R0JBTXM0SkFUTlNOTFJhU3JmaENwRgpIRVZxNGNUL2dBUWNiNTRHaG10STBxa1Rzek1NL1UwTElRaWZBWk9ZM3djM2VYUUc4YkRGUmR4VXpPL2RyM3A3CnhqNVlQZWpGSUxlRG9wekx2Y0o5RldBQlVBMXVXUFk0eVE2elZVNVNZVkd1eVh5OWJNcGNIeUdHNysyRHhlaWcKVEh3L2prblRGZkRybUNydjNJc0hrZmoxCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K - truststore.jks: /u3+7QAAAAIAAAABAAAAAgACY2EAAAF5ErpCCgAEWDUwOQAABQwwggUIMIIC8AIJAMApNakQCIjFMA0GCSqGSIb3DQEBCwUAMEYxCzAJBgNVBAYTAkNIMQ4wDAYDVQQKDAVEdWZyeTEVMBMGA1UECwwMSW5zaWdodHMgUE9DMRAwDgYDVQQDDAdSb290IENBMB4XDTIxMDQxOTIxMTU1MloXDTI0MDIwNzIxMTU1MlowRjELMAkGA1UEBhMCQ0gxDjAMBgNVBAoMBUR1ZnJ5MRUwEwYDVQQLDAxJbnNpZ2h0cyBQT0MxEDAOBgNVBAMMB1Jvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6yUJleNKZVlBwmcLVkZdJkamPEYny2umK4XpjYeBpaS0+w/e4TcZXOO+0AmfPvRylvik5kQre7db425AvD5eUOLlcfIO5JwsjIa/UnViZ5JFUBDiMJeEGKo1CrL7VhoAmmXYiewrUXCVaILhmgfB/IGxXrk8fy+IDYdys8FqEtKxwGBgniQykEWNdzp4TJlYU7p5g3/cZvwqZPdWGAF0PF+uVeuknAOMC5ZZZpnWDGw1t7h3YExdFyMAbBPM5u0GoQKupso23MpUs2QKjlU7ZJ0haaL3H2gP56mm4868yiuc13fZvwpbE8u5w/VlyGGtzAY5ZJgSSE2ssOGlf60pQUzh3oQZ0S/jIDiAjHgk3gy8FrqiczkdSZcaa+vQ6QGduyL9mTvtz+OYOQvnef+MbVXkFHeQue3TiHjGHKIrohM2Y1Hkc1J2XOEpP+p2d6ohigBUhC8cL/BQDcH4He66uG2v1rpwti/Jr1YEA0mBAMtxJcNrrMGW9o/Pte1E5owqRjhToUKfSvtrXavXngJhbCPGRg3ivt5vHD3CBVrQaREWwwZURn+8KIHircse+0C7iZFgFvWysxnXl9ROfQNCflEvrkXBOm3UFF+JQeFe41ZEPN2rKhFyKE/blhNY9zJbgBkYWy1MJkegr+xJLr78TvNWW+3dkqunJeE00jdAbewIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQB46hXABcCSj5cN1F4+i6810dEYU0Srrsf/QX3IIKazl3uIxbVfl1rfu6Rh7dMJYxgU/onYcYF1svwhmmeujizYg8fYTPRWBpj3k3qIGRkR0KU+yEYpyuUSSB4IDmAD4grbymX05cm1/ZTgMYvQsAYO6fzv7A8u4NFWSnhJ0TNVgZHHLljQiK6hiKnOmPUAnsT2De6XAaRae3Y2n/ulo3ACYQPeD8gch3LDd/JVscmA+OwWxGe4smCHAqz3lY/3Z9qAlie6iPpFOjhujrPrPXBi9DPLPFPWamBOGbQXKpI57K4n5/61y0ludzpp8y16WgMokF8A80M3ty5DxqBqPtFyqQoqd0486rFn8bpPKpHUwNCDmYGVtZXt6OgEBDCGejqvx81F6NVWaQRnsX4EsZJYnbE8bAZwQe6gO+0CNKhWWsQtJFWM4pQwXCJP2DtYCuV2RdZhnDufN+J++jcqEuNiY5ZkqHOTj7w2fJqyUjmMJN6/TAEQEnlfCPyZ7z/Ercy79VCPMgY7lsdNxN9c4Jlx1BNAjrl8DzIOJ1btk/YOfjIyTiasiMbG7eqP11rEqG+8IA6FvHJNl8JtyLVtYRTmhyFO7tywFfgyViWFinOK2
x/Kd3IVov1aNfy6njL3Q/E47dIKW3SWW1/L81ccJlmPnpyYqnoVy1yU+iKm1MhGop0nmg8QgU4VXD1zTfkq5kZ392GD ---- -apiVersion: v1 -kind: Secret -metadata: - name: rest-sslcerts -type: kubernetes.io/tls -data: - ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZDRENDQXZBQ0NRREFLVFdwRUFpSXhUQU5CZ2txaGtpRzl3MEJBUXNGQURCR01Rc3dDUVlEVlFRR0V3SkQKU0RFT01Bd0dBMVVFQ2d3RlJIVm1jbmt4RlRBVEJnTlZCQXNNREVsdWMybG5hSFJ6SUZCUFF6RVFNQTRHQTFVRQpBd3dIVW05dmRDQkRRVEFlRncweU1UQTBNVGt5TVRFMU5USmFGdzB5TkRBeU1EY3lNVEUxTlRKYU1FWXhDekFKCkJnTlZCQVlUQWtOSU1RNHdEQVlEVlFRS0RBVkVkV1p5ZVRFVk1CTUdBMVVFQ3d3TVNXNXphV2RvZEhNZ1VFOUQKTVJBd0RnWURWUVFEREFkU2IyOTBJRU5CTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQwpBZ0VBdXNsQ1pYalNtVlpRY0puQzFaR1hTWkdwanhHSjh0cnBpdUY2WTJIZ2FXa3RQc1AzdUUzR1Z6anZ0QUpuCno3MGNwYjRwT1pFSzN1M1crTnVRTHcrWGxEaTVYSHlEdVNjTEl5R3YxSjFZbWVTUlZBUTRqQ1hoQmlxTlFxeSsKMVlhQUpwbDJJbnNLMUZ3bFdpQzRab0h3ZnlCc1Y2NVBIOHZpQTJIY3JQQmFoTFNzY0JnWUo0a01wQkZqWGM2ZQpFeVpXRk82ZVlOLzNHYjhLbVQzVmhnQmREeGZybFhycEp3RGpBdVdXV2FaMWd4c05iZTRkMkJNWFJjakFHd1R6Ck9idEJxRUNycWJLTnR6S1ZMTmtDbzVWTzJTZElXbWk5eDlvRCtlcHB1UE92TW9ybk5kMzJiOEtXeFBMdWNQMVoKY2hocmN3R09XU1lFa2hOckxEaHBYK3RLVUZNNGQ2RUdkRXY0eUE0Z0l4NEpONE12QmE2b25NNUhVbVhHbXZyMApPa0JuYnNpL1prNzdjL2ptRGtMNTNuL2pHMVY1QlIza0xudDA0aDR4aHlpSzZJVE5tTlI1SE5TZGx6aEtUL3FkCm5lcUlZb0FWSVF2SEMvd1VBM0IrQjN1dXJodHI5YTZjTFl2eWE5V0JBTkpnUURMY1NYRGE2ekJsdmFQejdYdFIKT2FNS2tZNFU2RkNuMHI3YTEycjE1NENZV3dqeGtZTjRyN2VieHc5d2dWYTBHa1JGc01HVkVaL3ZDaUI0cTNMSAp2dEF1NG1SWUJiMXNyTVoxNWZVVG4wRFFuNVJMNjVGd1RwdDFCUmZpVUhoWHVOV1JEemRxeW9SY2loUDI1WVRXClBjeVc0QVpHRnN0VENaSG9LL3NTUzYrL0U3elZsdnQzWktycHlYaE5OSTNRRzNzQ0F3RUFBVEFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQWdFQWVPb1Z3QVhBa28rWERkUmVQb3V2TmRIUkdGTkVxNjdILzBGOXlDQ21zNWQ3aU1XMQpYNWRhMzd1a1llM1RDV01ZRlA2SjJIR0JkYkw4SVpwbnJvNHMySVBIMkV6MFZnYVk5NU42aUJrWkVkQ2xQc2hHCktjcmxFa2dlQ0E1Z0ErSUsyOHBsOU9YSnRmMlU0REdMMExBR0R1bjg3K3dQTHVEUlZrcDRTZEV6VllHUnh5NVkKMElpdW9ZaXB6cGoxQUo3RTlnM3Vsd0drV250Mk5wLzdwYU53QW1FRDNnL0lISWR5dzNmeVZiSEpnUGpzRnNSbgp1TEpnaHdLczk1V1A5MmZhZ0pZbn
VvajZSVG80Ym82ejZ6MXdZdlF6eXp4VDFtcGdUaG0wRnlxU09leXVKK2YrCnRjdEpibmM2YWZNdGVsb0RLSkJmQVBORE43Y3VROGFnYWo3UmNxa0tLbmRPUE9xeFovRzZUeXFSMU1EUWc1bUIKbGJXVjdlam9CQVF3aG5vNnI4Zk5SZWpWVm1rRVo3RitCTEdTV0oyeFBHd0djRUh1b0R2dEFqU29WbHJFTFNSVgpqT0tVTUZ3aVQ5ZzdXQXJsZGtYV1ladzduemZpZnZvM0toTGpZbU9XWktoems0KzhObnlhc2xJNWpDVGV2MHdCCkVCSjVYd2o4bWU4L3hLM011L1ZRanpJR081YkhUY1RmWE9DWmNkUVRRSTY1ZkE4eURpZFc3WlAyRG40eU1rNG0KcklqR3h1M3FqOWRheEtodnZDQU9oYnh5VFpmQ2JjaTFiV0VVNW9jaFR1N2NzQlg0TWxZbGhZcHppdHNmeW5keQpGYUw5V2pYOHVwNHk5MFB4T08zU0NsdDBsbHRmeS9OWEhDWlpqNTZjbUtwNkZjdGNsUG9pcHRUSVJxST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - csr.pem: 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 - jksPassword.txt: amtzUGFzc3dvcmQ9Y2hhbmdlaXQKCg== - keystore.jks: /u3+7QAAAAIAAAABAAAAAQAEcmVzdAAAAXj0oI9WAAAFATCCBP0wDgYKKwYBBAEqAhEBAQUABIIE6XptDRk9DByyOU1E+J4F19K6tGx3lmtyQYXswcmvhuig4zbLvi7baWqFV9pZrCP1O2vcfsfkByXTezKCLPoJUsT6dmpGzjscwZ90kSkjWytZkvz9xLlEGAwE7DurmXgOXu+ucXtXRvdYMSb9kJsk7zsH37fFoyHxPSAMG2DdHw3yV4ysaGCTHzx56VoaQWz3Ett+Q28hltmfamyzyyGFS4osSQi9Ll/ZW/LJJXOjR5kGG8JTZevBKdEACusMG2RELbg4STBMef2LEwF0TDvCiAK+k6J5pixVP0x0+/JmA4cA/P8Vxc2nu8DapAKuWbQdzpZ3We+O5TRPhdyuFFTtJFicWQnvX3J4/82POM6rDlDI0MtgOL7mmj9mij/2OG7Fqan9eFpFuS4RUfBcTnsOhKku3wDsaAqrwlMm9n8cHk6GBkmYKj1FILYJ9HjS+m60wFdWHA1QTCSWYCCZet8m+K8eyZgI1ZxTFeogL4rgiev8aMw2ZxFphxWCjI2KZ7FsGqPnrVmWAyzjY8gOSfABpDewYTwTmieEvipPojkAEyVNyZXaNEr+bBBzHxduLY9nAL8v+LtZBKUCXpr7eZ9zY2yEBjIb2iBAOHt/+bG/kGZkpgPmJCrgPyRi1ESP+x4+nNr0fQdfgfYDL0qDYlT6971Tln3pvQwUrl3t5QQjBSKlDMa/KNl/uJEM123UodEsT27Rpl6+mLEFGbhcKGkuLfkdxMlytB+jGSdtN/CMF4o6IawvJfIuUavb4YHq/lVDdiEP7Bxi0fuTC/vE7+FR5wlnvF2ZQCk/WowGwTzw/LvBgTk3lO52mhp+lZiz3r1+dZAVwnbUNkcQjBBQqbHF3pk91SL7FXaUZTauNJZxZn+eeNMjR+VtwOpNSnKHeTabGbJczgCVOKU16hO0WqYfshg2GaxqKohOiz9XYkEkGpNQPrG9eqSlwjVOdT8CB7TE3HO5cj7Hd7XeWrY+IxiJ7J6Y1ZKmg78Ru8H0IiOAkuxKWRQamORgckWmj7T5ZJkum4pbcfhsPYrXS2qv9DcfaWmlGB6jbyo8ezLCp+wz2cbwQyXwmS3zmbcS/MftsNej72tdNLtwJHhyCEIyXgAG73AvTxu7qDPf7vKBik94ETVG9mzecJM382GcavV8JvYHGIjZEqunJxQv/MUApL3//ObYzVfY
lb206YcjQnTTOFYYEvk05jaCOydOtQdCaWMOBq6jZER3VirFS22digpCpcq80eT25el7yj0b7Leigk/t7oM3hcSQP2K9FYXik6Jr80tkA3K9Zrqd5XqY417OeADFfP9itgq47tvu509/lJi8irloo6IZSkkCrrlOiKU2GJdfFXYQvh/kVkd3vFKpnYllKAjX3CQ9R0Afr200Vc/fnBAhdwe6RXePBGK2rvE5faiiVowm2aUj5cMsdLtM9RiGm05EcM5eIC6kdOJdhq1KCzRZLERCtH5zIM0ttRlE5f5SHNmk74GCui7HjyNhe+r2pa4dkev4/SuOU8gJ+8w6NJsNY01h5uvKjp8IhVU+9UMHZftsXy2aRBPtKBDb1cz1A8ouwpyuJeyy47GOmn7EIQ4OGnpBkrcp+ewLMIkCT+GF1RxUbTmiRMUTkOiY21VXGS/Azh4aRbMdAbXH7AAh3pwnO26cbfAzDYmihBWCxRuZoOibtt4WUAAAAAMABVguNTA5AAAD9DCCA/AwggLYoAMCAQICCQDoW62bU8ygFzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEOMAwGA1UECgwFRHVmcnkxFTATBgNVBAsMDEluc2lnaHRzIFBPQzEPMA0GA1UEAwwGU1NMIENBMB4XDTIxMDQyMTEzMzEwNVoXDTIyMDQyMTEzMzEwNVowQzELMAkGA1UEBhMCQ0gxDjAMBgNVBAoMBUR1ZnJ5MRUwEwYDVQQLDAxJbnNpZ2h0cyBQT0MxDTALBgNVBAMMBHJlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCujb+Wkb9MLlmBzQm5SgXAy5k6dO639lyYIIw+W5MHLFTCgb7yRAHNccwkDlhohTRicKXsD7pps4Bm+hl6UmkAnd4x72z8/6usd0CgOXeO0dm8Jaqud+Umury7cE5TKShIF/kZra30YDzdUJ8E51OGoMbOefVQ2S0BUSxtQNaKmZbth5dPmBDrG0jarp8Cd4YcPittcI3b4WWEvuXzBkhf7mSEJRvpQRB7a8/vWLMZ/AhnZEFxtP1/HvirBXkFT5wz0HncsWpkpwbVl2aaTROBs12TPbI9ti2u62rFDrebiFFDFUUXUcF+kap0EKRaSGDvij/BfGdTvT0Wt7YFzA9pAgMBAAGjgeQwgeEwgacGA1UdEQSBnzCBnIIEcmVzdIIOcmVzdC5jb25mbHVlbnSCEnJlc3QuY29uZmx1ZW50LnN2Y4IgcmVzdC5jb25mbHVlbnQuc3ZjLmNsdXN0ZXIubG9jYWyCECoucmVzdC5jb25mbHVlbnSCIioucmVzdC5jb25mbHVlbnQuc3ZjLmNsdXN0ZXIubG9jYWyCGCoucmVzdC5zdmMuY2x1c3Rlci5sb2NhbDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAHGKR7zEIgFLos6RAIXfwO+EYne3Q8pHB890YSchc+yW0rgDONPPGcl/k6XmsL9+Zs6AIIcO5VVBkFqusrS/h1Zt5yvY+r3elrXa5/xNa3SFLVDRqVDzowpibS7RkCc3bkdYtrOZ7kKYMmV2degBd4sih3lTLd7Qb4y5jKwFkOyvcKiWJ0dVUhRNeCL4DZcR/POA6JtrG7a6TYcz/TNUyudLfO+RFKXuC5GsmeQxVW6qLCcD7QLUBuRQshJW6nLDswnYUgNFM/84Iy8wcAC4/W4guRqj0vnIl8WC3VrFdGSbHLwfvlJqe73l77Q6e4nzxoD73UwZPMycno4KAF2MZBUABVguNTA5AAAELzCCBCswggIToAMCAQICCQCU4on800qmnDANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJDSDEOMAwGA1UECgwFRHVmcnkxFTATBgNVBAsMDEluc2lnaHRz
IFBPQzEQMA4GA1UEAwwHUm9vdCBDQTAeFw0yMTA0MTkyMTE1NTJaFw0yMjA0MTkyMTE1NTJaMEUxCzAJBgNVBAYTAkNIMQ4wDAYDVQQKDAVEdWZyeTEVMBMGA1UECwwMSW5zaWdodHMgUE9DMQ8wDQYDVQQDDAZTU0wgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWuUSwQ2cXcKxH165cnuaVq07De/UGa2vFbjdkhR5A6TOU074uOqfZTiLPHhKSZ4YYH1+L4K9Q+lbat3gqhvpnUtP+n307YR1eoTyKdd6EYb8vEue4TG6DSPzgatMxsiliqpee5Q0IJQU2ng6Bb7UUR8ooudtYc7nJVi1GvxmuFejF44g/0db7hUSUvmNyDuxaipGtVj9yZqJf5Kc7JCHqih80/7WcWxIalzYMdqvVti5BVvs2bbLIqS/DSRoFy+jO/m6y0YaXi/0bWbjd6pm6noE7t0tTY2jXxmGDMyuOa9acTFWu/hS5TOTnA27p3xAWga+/w30TKvHM7l6jyaSxAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgKEMA0GCSqGSIb3DQEBCwUAA4ICAQAcfOCVH7IEzAauOklzSeDYqIYkvNKFbWtBhUqm3P5jsZoa6+RMkCe6imbNR7wYlzzF+lXuLWkCIQI10WC/dc7RjKDB3Ra6p0fsARa26C+5OaD/prPraOBnZpIP27iXeCOORETZCuePTIodzximX/mxfDp8jE3utuW1qXmxjc6gLChX/IUbHfgWiJz4fU9crSaynqzBBZCaMMpZPEgJXy00kX6tsWKIlVbVULW9KYw1AD+8lNxUzWuceIngm/XYyOM+vmZMDZ0pv+Th9YbtwRlVCAzRyBM5muC2uxg9//VsFs19mqhPr6AISj4IKoxBOCaVUn6L8STM6XhNeO9boW6NPXuaWyCeRaLKOyeMfpBdPfo+CujVacPSQ2YNKMU/a4QE3j/BSuG/P1dlFprbb8ZzGBOvfxqv01zgETfvqS9RgNkqa1D4KRKkOZLYGsuU6jdpq/UB9PXWZETAKu2QA1ckWtNLz9FMPrviGYj1HsazaCYcx7FhEzFejoIsmlarmtpZQH9taLf2cn/ZJrDDncdJBOvyZsmtefS/+k/hKLrgUKEm6QdwVR0BbFc/5GatihCwi3hgoEj0r4F0PYnbp96MLlhKO3kdO02lrXnPzgEG+j6S7dNhTreBBybtMpLl0BAdCnzeOXqQMoeGKQZXoLwn7xReGmzJYcECVzGNqezAcgAFWC41MDkAAAUMMIIFCDCCAvACCQDAKTWpEAiIxTANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJDSDEOMAwGA1UECgwFRHVmcnkxFTATBgNVBAsMDEluc2lnaHRzIFBPQzEQMA4GA1UEAwwHUm9vdCBDQTAeFw0yMTA0MTkyMTE1NTJaFw0yNDAyMDcyMTE1NTJaMEYxCzAJBgNVBAYTAkNIMQ4wDAYDVQQKDAVEdWZyeTEVMBMGA1UECwwMSW5zaWdodHMgUE9DMRAwDgYDVQQDDAdSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuslCZXjSmVZQcJnC1ZGXSZGpjxGJ8trpiuF6Y2HgaWktPsP3uE3GVzjvtAJnz70cpb4pOZEK3u3W+NuQLw+XlDi5XHyDuScLIyGv1J1YmeSRVAQ4jCXhBiqNQqy+1YaAJpl2InsK1FwlWiC4ZoHwfyBsV65PH8viA2HcrPBahLSscBgYJ4kMpBFjXc6eEyZWFO6eYN/3Gb8KmT3VhgBdDxfrlXrpJwDjAuWWWaZ1gxsNbe4d2BMXRcjAGwTzObtBqECrqbKNtzKVLNkCo5VO2SdIWmi9x9oD+eppuPOvMornNd32b8KWxPLucP1ZchhrcwGOWSYEkhNrLDhpX+tKUFM4d6EGdEv4
yA4gIx4JN4MvBa6onM5HUmXGmvr0OkBnbsi/Zk77c/jmDkL53n/jG1V5BR3kLnt04h4xhyiK6ITNmNR5HNSdlzhKT/qdneqIYoAVIQvHC/wUA3B+B3uurhtr9a6cLYvya9WBANJgQDLcSXDa6zBlvaPz7XtROaMKkY4U6FCn0r7a12r154CYWwjxkYN4r7ebxw9wgVa0GkRFsMGVEZ/vCiB4q3LHvtAu4mRYBb1srMZ15fUTn0DQn5RL65FwTpt1BRfiUHhXuNWRDzdqyoRcihP25YTWPcyW4AZGFstTCZHoK/sSS6+/E7zVlvt3ZKrpyXhNNI3QG3sCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAeOoVwAXAko+XDdRePouvNdHRGFNEq67H/0F9yCCms5d7iMW1X5da37ukYe3TCWMYFP6J2HGBdbL8IZpnro4s2IPH2Ez0VgaY95N6iBkZEdClPshGKcrlEkgeCA5gA+IK28pl9OXJtf2U4DGL0LAGDun87+wPLuDRVkp4SdEzVYGRxy5Y0IiuoYipzpj1AJ7E9g3ulwGkWnt2Np/7paNwAmED3g/IHIdyw3fyVbHJgPjsFsRnuLJghwKs95WP92fagJYnuoj6RTo4bo6z6z1wYvQzyzxT1mpgThm0FyqSOeyuJ+f+tctJbnc6afMteloDKJBfAPNDN7cuQ8agaj7RcqkKKndOPOqxZ/G6TyqR1MDQg5mBlbWV7ejoBAQwhno6r8fNRejVVmkEZ7F+BLGSWJ2xPGwGcEHuoDvtAjSoVlrELSRVjOKUMFwiT9g7WArldkXWYZw7nzfifvo3KhLjYmOWZKhzk4+8NnyaslI5jCTev0wBEBJ5Xwj8me8/xK3Mu/VQjzIGO5bHTcTfXOCZcdQTQI65fA8yDidW7ZP2Dn4yMk4mrIjGxu3qj9daxKhvvCAOhbxyTZfCbci1bWEU5ochTu7csBX4MlYlhYpzitsfyndyFaL9WjX8up4y90PxOO3SClt0lltfy/NXHCZZj56cmKp6FctclPoiptTIRqJD+Ym0Ks9Ms0nrQbI6SbeWkhpv4w== - tls.crt: 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 - tls.key: 
LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcm8yL2xwRy9UQzVaZ2MwSnVVb0Z3TXVaT25UdXQvWmNtQ0NNUGx1VEJ5eFV3b0crCjhrUUJ6WEhNSkE1WWFJVTBZbkNsN0ErNmFiT0Fadm9aZWxKcEFKM2VNZTlzL1ArcnJIZEFvRGwzanRIWnZDV3EKcm5mbEpycTh1M0JPVXlrb1NCZjVHYTJ0OUdBODNWQ2ZCT2RUaHFER3pubjFVTmt0QVZFc2JVRFdpcG1XN1llWApUNWdRNnh0STJxNmZBbmVHSEQ0cmJYQ04yK0ZsaEw3bDh3WklYKzVraENVYjZVRVFlMnZQNzFpekdmd0laMlJCCmNiVDlmeDc0cXdWNUJVK2NNOUI1M0xGcVpLY0cxWmRtbWswVGdiTmRrejJ5UGJZdHJ1dHF4UTYzbTRoUlF4VkYKRjFIQmZwR3FkQkNrV2toZzc0by93WHhuVTcwOUZyZTJCY3dQYVFJREFRQUJBb0lCQVFDTmFaejdlTnhIOVl6aQpFYUI5RWpFUy9sOEc4dENyRE5YN0VQTk5XWmNGeXE1b1hnQzUrTXFWREVwY001c0FJbHBNSGdMdCtkZ0Y1anh5Ck1OQVBQMUIrQldlTGdQTUZESVNpVm9KdXk5L0dQdEJ0RXY3eUZZUDZHbkxvVDVYRTNhVWFzd0ZHQW1UWmhGWUsKM2xQVi95cTErTzdYUEFxNEV4blk1VkJldXBhVTlYNlFpUG0xYlNNSnloT0RGMVdxL2c2U3FJWW5MOVVYYUw2MgpUalRpdDFRN043VTUveFBtTW9zWDYxUDdzUm5rdE9PQTZPSVIxYWJIUnJLY083UWlPTkJaTXpIU1VKRlc1STJvCjNJbVdTYnl1dEFuVGZYdFo0dm9aRDlsMmc3V2VpZTQ1VENsSmJyN01UVVF1Zzc4MjhUckdXRVd5ZmVRR3dCbkkKSThFb2dsTjVBb0dCQU5xckdFcEhuaFhSaVB2UVF6VS9kYVorZVVnRzlxa1FqMDhtcVFYZjJTWllSdVpVeVBuUwpMOWlNUlFYNWQ1Zmt6dWEzdis2aWFaWEtsM2hYT2gyNWdqa2x5OGxaY2tKcUJjZU5EZjhoSDNmWnYxUk9ScVFuCmVRQncwYVJkL0p6MFY1aUZ2ZkZTeGdTaVo2cG9kZXVoTnFKT1VFZERXRTdoWTF0dVMwRTlIZVFuQW9HQkFNeGEKbjFCSGJOYnowb1RVd0N5QmowdFJqWklQaUU4ZjV4RFR4SDF0N1prMVg1SThHMW1qakdCTWQ2cmlpaEZ1TElYbQpaUUJDaGZ3ckoxdSs4dXZVY1dNcEtCMHM2eEdJTm9ORmNMY2FnUFcyWlRuMTV6ZDZsZFpKKzBCalpvOHI3Q24zCkMyd1VsYm9nUEZIdjQ5UWJRNzhUVDV3bm1xK2NqeUVLdjZ2ZjZkbnZBb0dBY1pZc3NQRVF5aTZrNUlGalYvYVYKNjUySTdJUkpmcnJPWm9RamlweWoxUXBJRWY5NndtS1BYZ0pISEhwZ3lETWYwck1pYlJoS2xuZTlSTkt5cXB3aApiQVFaSG9kckZkcXpFOXhPcC9lUnZCVU5FUUwwS1BNa0pMbDEvTmFoa1BwUHdqZSsyZXR3VnhueGxaQmJxTUYrCmVzTUphbXN1SlJOcEpDWmZ5d3l2U1VNQ2dZQkVMTmVKaU1xZXk2a245M0pGWnRQUFpOMitKTUJzNVUvSkpWMGcKRzFSeEVJVlozQU9qM0JRdzdGSGdDTVBYSE5KdHVYZG9wc2pjWCtrNWluS3dpcWRwVlltMGNnL2FRWDh1UERSbQpZY2swTUMyRk1LeDZyY0xmUXI4M3MvRzdRZ1AvM0JOTGMzS2dMYkR5QlA0VS9TT1UwM1J6dkNLM0E1d2NnZUdBCkRhdU9zUUtCZ0g1WEtuYzU0bWRaMzBnN0hhUlF4T1BvZWRKK21z
VjlCQnpYR2hpVUFtcWhva2dpc2dVRmQ5Y24KczNCcVYxektSY1V1UEVhc3RsRTdtaVpUSFhESklOeGp5cDdLd0xtK2M0YVJzemhXTUF1NzRsbDZ5QWMwak91WAo0cnVBdVBrY0pIbzhhRSsvY3I5NXo1MlZRRDVVdTgwWDU5R21HMnFsZ015ZFRLKys5RGlkCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== - truststore.jks: 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 ---- -apiVersion: v1 -kind: Secret -metadata: - name: zookeeper-generated-jks -type: kubernetes.io/tls -data: - ca.crt: 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 - csr.pem: 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 - jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk - keystore.jks: /u3+7QAAAAIAAAACAAAAAQALY2VydGlmaWNhdGUAAAF5EqeFjgAABQEwggT9MA4GCisGAQQBKgIRAQEFAASCBOkcB/nfvwtr736A0LeqwWYJXKcMrOGsloCjEpUx2PIsz3f+CGcsbMp1mYGxsgXflHxRpfDgqhFdpwjbVIfQ0zvb4p5S/oWePL5vcynIAxAcqO6rsK08cHmN+AE2R+u5kBh0tqFW/cyl0aUA7GcNlojgoazZavgWHPhh9yqHSA/5lUOlGky6sYFhty2o7NJHDhWd++WRnEssifDmmHHEkv36EaVKpsWtgwYz5EwFWTi2CUl4K5Z0/ZmvMJqSGyMq3Dehl1y1jrwogdwEWQk7kgjcwP00NIEkAWj1OUm0P43wLahMFoxQfpLCEuZABPSePPh52AFQ9EA6x9k4+j/DZ4d9e3i6rWpFiJeCekvJt+8nvxFVa0H+d7V6cBP84NHZWfNtv5vfUdB4yIaonvkCpgvmX0QYrco1S45dc7A54HKW14FcbZmARQl+NBsyhkDR4ykqlG/fr+as2mfIGh3CQBgvNNEsRGvDEaa9yPvLTzDk7b7h6VgGYv/vLNHuwXV3KBgFvN5XMvI66iByU7f/Gep8rj1VpHr7D9uTTkusdxz8b8+DGJUQ1lq+yb1OgjKkEdpQhc/Dm4HEvXUP2A+044MH+Z6WfsYV80w5r76wG2lDsVAOXnkvyjNa0GaertgzagKMyzreT6XXtBpl7xkzsTx1Kresoz5lq0JBuEc97MRThRaQLy2sMK0/3K6K2XT6WcAPdsU7mAZb8Z4RktV0Zoj+ey1esLUTyV81uniZ8tV4pO60m9aNkm1c3FMx2xA/ruPGr9+WceQQ+bjPcmpuLM7bicrhnYTaPRmMfHsK2Bq1C9qMwvLXnQ/6jubL+CjkdR9T8WiY8SauC6FDJ2Z+a8NAZqK5E7eDFKEcKMiDt7Y7YUuF8DAkFYdvp/Pf+/k+aPI1CkZclMzIcngXwokh7aRX5PHJh+WjZa8JbG4zjupspl9m2E1WNgSGyAzeCFBtJk/S7rbK8N/vTuaaN0jXJ5kpGdTjGX6wOdGQhkfWp1FPssciLZxmvfMkU4dxanOlIDIGk7Cba+vXAIMdTbn3Ztj6BQOZI6hCi/PuRbJT6F0kc9XoWXoLvPKCg2mJVXwx1/iExMTYF0awaEQR9s30Q9f85BGy9YERk4kiKjsy4m+CcwkdjC/2aDPrB2oVdGFDvKWamPAfQuoMcfLoXdznpR2+WmLvT/zLEA37a0sfF5hX2AFDtUS/ntwCQxVpEb0nl/8nxf/g+EN28fkxEAK8tjPupU9O+9Ze4sT9Hw/2V9ddvUDLpWSqeEmvQxcB6M9wBzUlbSQ8GTftWuLS
9XIRLS1mldVrNoG9BYqDeeDqeI7zomwpOSaCND4Ey12JbeFdUgWENn9lmvDJoQBkoOtMutTSrLmyDjS16j+7/ZH5dmrcijBnBAkT4nDa53fmuq8NGWVkxv5XjrF37Wj59wwPNJ1GaYOSRGRKoNRb8rEciPuFh8voGBgewZmcwuAC3XQpgq+bdXbLUghdFRA0ON1/Al1Nd0ZRTdxiqaJ8wsPnFu6y+ygcC8OIzuSj3ezmjq+ds+ci+fQOIj04jVBIMgAii2fAohm+RlGjA8xnytmkq7l+V+hYMlB42gj+f8WbefK019SYEjAOgWn9Z/pHbzgzIGAd9JYFLpyrTW3cwjHEDzDtB3EHJCEpDJdKDAE5IF8QhrklgKfyP+MxngwAAAABAARYNTA5AAAFLDCCBSgwggMQoAMCAQICEGdpJ7rgx1Lwc4iZOyigcn4wDQYJKoZIhvcNAQELBQAwRjELMAkGA1UEBhMCQ0gxDjAMBgNVBAoMBUR1ZnJ5MRUwEwYDVQQLDAxJbnNpZ2h0cyBQT0MxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcNMjEwNDI3MDkyNzE5WhcNMjIwNDIyMDkyNzE5WjBIMQswCQYDVQQGEwJDSDEOMAwGA1UEChMFRHVmcnkxFTATBgNVBAsTDEluc2lnaHRzIFBPQzESMBAGA1UEAxMJem9va2VlcGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyO8VdIfjlt1ChKVHerMd0n1tnZh4057FdvsmBv3Mf70g48eLUTwGSVUYRAj3/oQgysQKL75l2MowmwxwqcmTQCx5xKl4RZooZrXgsvZTzpzeMOnCWf0gsRmDD3cNimJtw2kCWacBF413uGFbe76L7mUoEU6BaZPBfGUoz0Vr896VpixVYxiKRUWdxDrztnNXPqPPKWiO4Han6ue2+1UfoNkUKVPMaVyUgmsS0Ti4zaYKagAl5A/EJSVV9sWb8VohGVHKoDxgU85fVGJe9G26mqde3HFkyEdkOsx/2mKLgn+J8Au0Tb90+/MRutP1Lfq8QnMloRAv+JpXjgNPJr2ulQIDAQABo4IBDjCCAQowDgYDVR0PAQH/BAQDAgKkMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMIHKBgNVHREEgcIwgb+CCXpvb2tlZXBlcoITem9va2VlcGVyLmNvbmZsdWVudIIXem9va2VlcGVyLmNvbmZsdWVudC5zdmOCJXpvb2tlZXBlci5jb25mbHVlbnQuc3ZjLmNsdXN0ZXIubG9jYWyCFSouem9va2VlcGVyLmNvbmZsdWVudIInKi56b29rZWVwZXIuY29uZmx1ZW50LnN2Yy5jbHVzdGVyLmxvY2Fsgh0qLmNvbmZsdWVudC5zdmMuY2x1c3Rlci5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAgEAc/mIXN8mtOfOY+/yEVKUEi01ZC0qyEg0frpdHQJjeaenynKyvVEbQUHQ4UT6Of4IS4Q1FunsLCvqWMLe0hkFmuj59sK+CtwKfq5cc2jTlq1BACyTJB/peTsJHUL/CQKenMlRJMJS64tRDzYIdndQSG4M0LRrfnuiw6nkPIBNhb0Ud4hv3Fu4W2TKADGGGdfxd5gGCwB6o4hMp0/0Xaj9Mks5fqQq1Gc8AeLDTnw8GgZmUzBuH071rJxM5nENAlzP2mb/FqbbwmYkZArAslTFh+ngfYa/p7YzYxsKrS6Al22IncYwk26bs8f0fMnrlClj/4BJw6PishPY2p7HuChtLEkeUG+8ITBYLUeEvHlqZ3D7cYYbtbwYkqTNRx16sNe3cYGBSpDtbT/+89CUPGdWEKckaKCKXx+LYSy8nJrmJ4yEnuixRZgdqv8fptFabZqCKjQDGJF1gr/xgobyg12k75rE6oSIrZpfG/fAagRXADRQwWU/krtKMvh6kJh3HK8JxsuY
BshsK43fdBgm3Y+aCteS80SdiZGkYelM3LLMxba7tA2JlPiMTMRK2eFgzjhy9Zu4sStFLentbNAUUJtT+xRP+Y1g0e1qgu9zprH91hdX6b2StyV3MIilbmrZ23XNYFEZH3cHiqMXuCyFICh7IllqYLxVd/r5FlURFHSuqYEAAAACAAJjYQAAAXkSp4WPAARYNTA5AAAFDDCCBQgwggLwAgkAwCk1qRAIiMUwDQYJKoZIhvcNAQELBQAwRjELMAkGA1UEBhMCQ0gxDjAMBgNVBAoMBUR1ZnJ5MRUwEwYDVQQLDAxJbnNpZ2h0cyBQT0MxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcNMjEwNDE5MjExNTUyWhcNMjQwMjA3MjExNTUyWjBGMQswCQYDVQQGEwJDSDEOMAwGA1UECgwFRHVmcnkxFTATBgNVBAsMDEluc2lnaHRzIFBPQzEQMA4GA1UEAwwHUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALrJQmV40plWUHCZwtWRl0mRqY8RifLa6YrhemNh4GlpLT7D97hNxlc477QCZ8+9HKW+KTmRCt7t1vjbkC8Pl5Q4uVx8g7knCyMhr9SdWJnkkVQEOIwl4QYqjUKsvtWGgCaZdiJ7CtRcJVoguGaB8H8gbFeuTx/L4gNh3KzwWoS0rHAYGCeJDKQRY13OnhMmVhTunmDf9xm/Cpk91YYAXQ8X65V66ScA4wLlllmmdYMbDW3uHdgTF0XIwBsE8zm7QahAq6myjbcylSzZAqOVTtknSFpovcfaA/nqabjzrzKK5zXd9m/ClsTy7nD9WXIYa3MBjlkmBJITayw4aV/rSlBTOHehBnRL+MgOICMeCTeDLwWuqJzOR1Jlxpr69DpAZ27Iv2ZO+3P45g5C+d5/4xtVeQUd5C57dOIeMYcoiuiEzZjUeRzUnZc4Sk/6nZ3qiGKAFSELxwv8FANwfgd7rq4ba/WunC2L8mvVgQDSYEAy3Elw2uswZb2j8+17UTmjCpGOFOhQp9K+2tdq9eeAmFsI8ZGDeK+3m8cPcIFWtBpERbDBlRGf7wogeKtyx77QLuJkWAW9bKzGdeX1E59A0J+US+uRcE6bdQUX4lB4V7jVkQ83asqEXIoT9uWE1j3MluAGRhbLUwmR6Cv7EkuvvxO81Zb7d2Sq6cl4TTSN0Bt7AgMBAAEwDQYJKoZIhvcNAQELBQADggIBAHjqFcAFwJKPlw3UXj6LrzXR0RhTRKuux/9BfcggprOXe4jFtV+XWt+7pGHt0wljGBT+idhxgXWy/CGaZ66OLNiDx9hM9FYGmPeTeogZGRHQpT7IRinK5RJIHggOYAPiCtvKZfTlybX9lOAxi9CwBg7p/O/sDy7g0VZKeEnRM1WBkccuWNCIrqGIqc6Y9QCexPYN7pcBpFp7djaf+6WjcAJhA94PyByHcsN38lWxyYD47BbEZ7iyYIcCrPeVj/dn2oCWJ7qI+kU6OG6Os+s9cGL0M8s8U9ZqYE4ZtBcqkjnsrifn/rXLSW53OmnzLXpaAyiQXwDzQze3LkPGoGo+0XKpCip3TjzqsWfxuk8qkdTA0IOZgZW1le3o6AQEMIZ6Oq/HzUXo1VZpBGexfgSxklidsTxsBnBB7qA77QI0qFZaxC0kVYzilDBcIk/YO1gK5XZF1mGcO5834n76NyoS42JjlmSoc5OPvDZ8mrJSOYwk3r9MARASeV8I/JnvP8StzLv1UI8yBjuWx03E31zgmXHUE0COuXwPMg4nVu2T9g5+MjJOJqyIxsbt6o/XWsSob7wgDoW8ck2Xwm3ItW1hFOaHIU7u3LAV+DJWJYWKc4rbH8p3chWi/Vo1/LqeMvdD8Tjt0gpbdJZbX8vzVxwmWY+enJiqehXLXJT6IqbUyEaieC/K8+LUymGYeLMd7VgAaaZu7jQ= - tls.crt: 
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 - tls.key: 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 - truststore.jks: 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 ---- \ No newline at end of file diff --git a/kustomize/base/confluent/control-centre.yaml b/kustomize/base/confluent/control-centre.yaml index 1f21341..20d9fa3 100644 --- a/kustomize/base/confluent/control-centre.yaml +++ b/kustomize/base/confluent/control-centre.yaml @@ -18,52 +18,28 @@ spec: application: confluentinc/cp-enterprise-control-center-operator:6.1.1.0 init: confluentinc/cp-init-container-operator:6.1.1.0 dataVolumeCapacity: 20Gi - authorization: - type: rbac tls: autoGeneratedCerts: true dependencies: kafka: - bootstrapEndpoint: kafka.confluent.svc.cluster.local:9071 - authentication: - type: plain - jaasConfig: - secretRef: credential + bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071 tls: enabled: true mds: - endpoint: https://kafka.confluent.svc.cluster.local:8090 - tokenKeyPair: - secretRef: mds-token - authentication: - type: bearer - bearer: - secretRef: c3-mds-client + endpoint: https://kafka.foobar.svc.cluster.local:8090 tls: enabled: true connect: - name: connect - url: https://connect.confluent.svc.cluster.local:8083 - authentication: - type: basic - basic: - secretRef: c3-mds-client + url: https://connect.foobar.svc.cluster.local:8083 tls: enabled: true ksqldb: - name: ksqldb - url: https://ksqldb.confluent.svc.cluster.local:8088 - authentication: - type: basic - basic: - secretRef: c3-mds-client + url: https://ksqldb.foobar.svc.cluster.local:8088 tls: enabled: true schemaRegistry: - url: https://schemaregistry.confluent.svc.cluster.local:8081 - authentication: - type: basic - basic: - secretRef: c3-mds-client + url: https://schemaregistry.foobar.svc.cluster.local:8081 tls: enabled: true diff --git a/kustomize/base/confluent/kafka-connect.yaml b/kustomize/base/confluent/kafka-connect.yaml index 1d9ee05..5dc5ce0 100644 
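Review bot: The new side of this hunk drops `authorization: type: rbac` and every `authentication` block under `dependencies`, so Control Center would reach Kafka, MDS, Connect, ksqlDB and Schema Registry over TLS with no client credentials and no authorization enforced. The kafka-connect.yaml, kafka.yaml and ksqldb.yaml hunks in this patch remove the same settings, and kafka.yaml also loses its whole `listeners` block; if the operator default for a listener without `authentication` is no authentication (worth confirming), the brokers would accept any client that can reach port 9071. `autoGeneratedCerts: true` only encrypts the connection and does not identify the client. If this is a deliberate WIP state, record it in the manifest, e.g. `# TODO: authn/RBAC stripped during clean-up; restore before this base is applied to a shared cluster` above `dependencies:`; otherwise keep the `authentication` and `authorization` blocks and change only the hostnames. The `foobar` namespace in the new endpoints also reads like a placeholder.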
--- a/kustomize/base/confluent/kafka-connect.yaml +++ b/kustomize/base/confluent/kafka-connect.yaml @@ -9,32 +9,12 @@ spec: init: confluentinc/cp-init-container-operator:6.1.1.0 tls: autoGeneratedCerts: true - authorization: - type: rbac dependencies: kafka: - bootstrapEndpoint: kafka.confluent.svc.cluster.local:9071 - authentication: - type: plain - jaasConfig: - secretRef: credential + bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071 tls: enabled: true mds: - authentication: - type: bearer - bearer: - secretRef: connect-mds-client - endpoint: https://kafka.confluent.svc.cluster.local:8090 + endpoint: https://kafka.foobar.svc.cluster.local:8090 tls: enabled: true - tokenKeyPair: - secretRef: mds-token - configOverrides: - server: - - group.id=connect-cluster - - config.storage.topic=_confluent-connect-configs - - offset.storage.topic=_confluent-connect-offsets - - status.storage.topic=_confluent-connect-status - # - rest.extension.classes=io.confluent.connect.security.ConnectSecurityExtension,io.confluent.connect.secretregistry.ConnectSecretRegistryExtension ---- \ No newline at end of file diff --git a/kustomize/base/confluent/kafka.yaml b/kustomize/base/confluent/kafka.yaml index c929437..7c3639e 100644 --- a/kustomize/base/confluent/kafka.yaml +++ b/kustomize/base/confluent/kafka.yaml 
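Review bot: Removing the `configOverrides` block means the Connect worker no longer pins `group.id=connect-cluster` or the three `_confluent-connect-*` storage topics, and the ksqldb.yaml hunk likewise removes `ksql.service.id=ksqldb-cluster`. These values identify where each cluster keeps its state, so if the operator defaults differ (not visible in this patch), an existing deployment would come up against new, empty internal topics. I would keep the four active `server:` entries here and the `ksql.service.id` line in ksqldb.yaml unless the change of identity is intended, and say so in the commit message if it is.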
@@ -10,109 +10,31 @@ spec: dataVolumeCapacity: 40Gi tls: autoGeneratedCerts: true - listeners: - # internal listener is used to access the Kafka cluster from the same Kubernetes cluster, - # i.e. in the svc.cluster.local - internal: - authentication: - type: plain - jaasConfig: - secretRef: credential - tls: - enabled: true - # external listener exposes the Kafka bootstrap and brokers as LB endpoints - external: - authentication: - type: plain - jaasConfig: - secretRef: credential - tls: - enabled: true - authorization: - type: rbac - superUsers: - - User:kafka services: mds: tls: enabled: true - tokenKeyPair: - secretRef: mds-token - provider: - type: ldap - ldap: - address: ldap://ldap.tools.svc.cluster.local:389 - authentication: - type: simple - simple: - secretRef: credential - configurations: - groupNameAttribute: cn - groupObjectClass: group - groupMemberAttribute: member - groupMemberAttributePattern: CN=(.*),DC=test,DC=com - groupSearchBase: dc=test,dc=com - userNameAttribute: cn - userMemberOfAttributePattern: CN=(.*),DC=test,DC=com - userObjectClass: organizationalRole - userSearchBase: dc=test,dc=com configOverrides: server: - # the LDAP lookup is set by default to ONE_LEVEL -# - ldap.user.search.scope=2 -# - ldap.search.mode=GROUPS - - confluent.schema.registry.url=registry.production.svc.cluster.local:8081 - # Overwrite the default settings on the INTERNAL listener -# - listener.name.internal.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER -# - listener.name.internal.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required; -# - listener.name.internal.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler -# - listener.name.internal.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/mds-token/mdsPublicKey.pem"; -# - 
listener.name.internal.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler -# - listener.name.internal.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler -# # Overwrite the default settings on the EXTERNAL listener -# - listener.name.external.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER -# - listener.name.external.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required; -# - listener.name.external.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler -# - listener.name.external.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/mds-token/mdsPublicKey.pem"; -# - listener.name.external.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler -# - listener.name.external.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler -# # Overwrite the default settings on the REPLICATION listener -# - listener.name.replication.sasl.enabled.mechanisms=PLAIN -# - listener.name.replication.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="${file:/mnt/secrets/credential/plain.txt:username}" password="${file:/mnt/secrets/credential/plain.txt:password}"; -# - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - # log4j: - # - log4j.logger.io.confluent.security.auth.provider.ldap.LdapGroupManager=DEBUG + - confluent.schema.registry.url=registry.foobar.svc.cluster.local:8081 dependencies: - kafkaRest: - authentication: - type: bearer - bearer: - secretRef: mds-client zookeeper: - endpoint: 
zookeeper.confluent.svc.cluster.local:2182 - authentication: - type: digest - jaasConfig: - secretRef: credential + endpoint: zookeeper.foobar.svc.cluster.local:2182 tls: enabled: true metricReporter: enabled: true - bootstrapEndpoint: kafka.confluent.svc.cluster.local:9071 - authentication: - type: plain - jaasConfig: - secretRef: credential + bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071 tls: enabled: true --- -apiVersion: platform.confluent.io/v1beta1 -kind: KafkaRestClass -metadata: - name: default -spec: - kafkaRest: - authentication: - type: bearer - bearer: - secretRef: rest-credential \ No newline at end of file +#apiVersion: platform.confluent.io/v1beta1 +#kind: KafkaRestClass +#metadata: +# name: default +#spec: +# kafkaRest: +# authentication: +# type: bearer +# bearer: +# secretRef: rest-credential \ No newline at end of file diff --git a/kustomize/base/confluent/ksqldb.yaml b/kustomize/base/confluent/ksqldb.yaml index a7cd82a..082f940 100644 --- a/kustomize/base/confluent/ksqldb.yaml +++ b/kustomize/base/confluent/ksqldb.yaml @@ -10,28 +10,12 @@ spec: dataVolumeCapacity: 10Gi tls: autoGeneratedCerts: true - authorization: - type: rbac dependencies: kafka: - bootstrapEndpoint: kafka.confluent.svc.cluster.local:9071 - authentication: - type: plain - jaasConfig: - secretRef: credential + bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071 tls: enabled: true mds: - authentication: - type: bearer - bearer: - secretRef: ksqldb-mds-client - endpoint: https://kafka.confluent.svc.cluster.local:8090 + endpoint: https://kafka.foobar.svc.cluster.local:8090 tls: enabled: true - tokenKeyPair: - secretRef: mds-token - configOverrides: - server: - - ksql.service.id=ksqldb-cluster ---- \ No newline at end of file diff --git a/kustomize/base/confluent/kustomization.yaml b/kustomize/base/confluent/kustomization.yaml index a89f32d..9df20d6 100644 --- a/kustomize/base/confluent/kustomization.yaml +++ b/kustomize/base/confluent/kustomization.yaml 
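Review bot: `services.mds` is kept with only `tls: enabled: true` while its `tokenKeyPair` and the LDAP `provider` are removed, and the other manifests in this patch still carry `mds: endpoint: https://kafka.foobar.svc.cluster.local:8090`. Whether the operator accepts an MDS service without a token key pair and identity provider is not visible here, but the result is a half-configured metadata service; either remove `services.mds` together with the `mds` dependencies, or keep them complete. The `KafkaRestClass` document is commented out rather than deleted, leaving a `---` separator followed only by comments; deleting the lines would be cleaner since git keeps the history. The new `confluent.schema.registry.url=registry.foobar.svc.cluster.local:8081` has no scheme and uses the service name `registry`, whereas control-centre.yaml uses `https://schemaregistry.foobar.svc.cluster.local:8081`, so one of the two is probably wrong.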
@@ -7,4 +7,3 @@ resources: - schema-registry.yaml - control-centre.yaml - ksqldb.yaml -# - rest-proxy.yaml \ No newline at end of file diff --git a/kustomize/base/confluent/rest-proxy.yaml b/kustomize/base/confluent/rest-proxy.yaml deleted file mode 100644 index b348776..0000000 --- a/kustomize/base/confluent/rest-proxy.yaml +++ /dev/null 
@@ -1,192 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - annotations: - prometheus.io/port: "7778" - prometheus.io/scrape: "true" - labels: - type: rest - name: rest -spec: - podManagementPolicy: Parallel - replicas: 1 - selector: - matchLabels: - app: rest - clusterId: confluent - type: rest - serviceName: rest - template: - metadata: - labels: - app: rest - clusterId: confluent - type: rest - name: rest - spec: - containers: - - name: rest - image: confluentinc/cp-kafka-rest:6.1.1-1-ubi8 - imagePullPolicy: IfNotPresent - - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: KAFKA_REST_CONFIG_PROVIDERS - value: file - - name: KAFKA_REST_CONFIG_PROVIDERS_FILE_CLASS - value: org.apache.kafka.common.config.provider.FileConfigProvider - # duplicated for the proper generation of /etc/kafka-rest/admin.properties - - name: KAFKA_REST_CLIENT_CONFIG_PROVIDERS - value: file - - name: KAFKA_REST_CLIENT_CONFIG_PROVIDERS_FILE_CLASS - value: org.apache.kafka.common.config.provider.FileConfigProvider - - name: KAFKA_REST_BOOTSTRAP_SERVERS - value: kafka.confluent.svc.cluster.local:9071 - - name: KAFKA_REST_CLIENT_SECURITY_PROTOCOL - value: SASL_SSL - - name: KAFKA_REST_CLIENT_SASL_MECHANISM - value: PLAIN - - name: KAFKA_REST_CLIENT_SASL_JAAS_CONFIG - value: org.apache.kafka.common.security.plain.PlainLoginModule required username="${file:/mnt/secrets/rest/plain.txt:username}" password="${file:/mnt/secrets/rest/plain.txt:password}"; - - name: KAFKA_REST_CLIENT_SSL_KEY_PASSWORD - value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_CLIENT_SSL_KEYSTORE_LOCATION - value: /mnt/sslcerts/keystore.jks - - name: KAFKA_REST_CLIENT_SSL_KEYSTORE_PASSWORD - value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_CLIENT_SSL_TRUSTSTORE_LOCATION - 
value: /mnt/sslcerts/truststore.jks - - name: KAFKA_REST_CLIENT_SSL_TRUSTSTORE_PASSWORD - value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_LISTENERS - value: https://0.0.0.0:8080,http://localhost:9080 - - name: KAFKA_REST_SSL_ENABLED_PROTOCOLS - value: TLSv1.2 - - name: KAFKA_REST_SSL_KEY_PASSWORD - value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_SSL_KEYSTORE_LOCATION - value: /mnt/sslcerts/keystore.jks - - name: KAFKA_REST_SSL_KEYSTORE_PASSWORD - value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_SSL_TRUSTSTORE_LOCATION - value: /mnt/sslcerts/truststore.jks - - name: KAFKA_REST_SSL_TRUSTSTORE_PASSWORD - value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_SCHEMA_REGISTRY_URL - value: https://registry.confluent.svc.cluster.local:8081 - - name: KAFKA_REST_SCHEMA_REGISTRY_HTTPS_SSL_KEY_PASSWORD - value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_SCHEMA_REGISTRY_HTTPS_SSL_KEYSTORE_LOCATION - value: /mnt/sslcerts/keystore.jks - - name: KAFKA_REST_SCHEMA_REGISTRY_HTTPS_SSL_KEYSTORE_PASSWORD - value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_SCHEMA_REGISTRY_HTTPS_SSL_TRUSTSTORE_LOCATION - value: /mnt/sslcerts/truststore.jks - - name: KAFKA_REST_SCHEMA_REGISTRY_HTTPS_SSL_TRUSTSTORE_PASSWORD - value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_CONFLUENT_REST_AUTH_PROPAGATE_METHOD - value: JETTY_AUTH - - name: KAFKA_REST_KAFKA_REST_RESOURCE_EXTENSION_CLASS - value: io.confluent.kafkarest.security.KafkaRestSecurityResourceExtension - - name: KAFKA_REST_REST_SERVLET_INITIALIZOR_CLASSES - value: io.confluent.common.security.jetty.initializer.InstallBearerOrBasicSecurityHandler - - name: KAFKA_REST_PUBLIC_KEY_PATH - value: /mnt/secrets/rest/mdsPublicKey.pem - - name: KAFKA_REST_CONFLUENT_METADATA_BOOTSTRAP_SERVER_URLS - value: https://kafka.confluent.svc.cluster.local:8090 - - name: 
KAFKA_REST_CONFLUENT_METADATA_HTTP_AUTH_CREDENTIALS_PROVIDER - value: BASIC - - name: KAFKA_REST_CONFLUENT_METADATA_BASIC_AUTH_USER_INFO - value: ${file:/mnt/secrets/rest/basic.txt:username}:${file:/mnt/secrets/rest/basic.txt:password} - - name: KAFKA_REST_CONFLUENT_METADATA_SSL_TRUSTSTORE_LOCATION - value: /mnt/sslcerts/truststore.jks - - name: KAFKA_REST_CONFLUENT_METADATA_SSL_TRUSTSTORE_PASSWORD - value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - startupProbe: - exec: - command: - - curl - - http://localhost:9080/ - failureThreshold: 60 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - livenessProbe: - exec: - command: - - curl - - http://localhost:9080/ - failureThreshold: 5 - initialDelaySeconds: 10 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 5 - ports: - - containerPort: 8080 - name: external - protocol: TCP - - containerPort: 9080 - name: internal - protocol: TCP - - containerPort: 7203 - name: jmx - protocol: TCP - - containerPort: 7777 - name: jolokia - protocol: TCP - - containerPort: 7778 - name: prometheus - protocol: TCP - - volumeMounts: - - mountPath: /mnt/sslcerts - name: sslcerts - - mountPath: /mnt/secrets/rest - name: credentials - dnsPolicy: ClusterFirst - restartPolicy: Always - volumes: - - name: sslcerts - secret: - defaultMode: 420 - secretName: rest-sslcerts - - name: credentials - secret: - defaultMode: 420 - secretName: credential - updateStrategy: - type: RollingUpdate ---- -apiVersion: v1 -kind: Service -metadata: - labels: - type: rest - name: rest -spec: - clusterIP: None - ports: - - name: external - port: 8080 - protocol: TCP - targetPort: 8080 - publishNotReadyAddresses: false - selector: - app: rest - clusterId: confluent - type: rest - sessionAffinity: ClientIP - type: ClusterIP ---- diff --git a/kustomize/base/confluent/schema-registry.yaml b/kustomize/base/confluent/schema-registry.yaml index d542db7..aded788 100644 
--- a/kustomize/base/confluent/schema-registry.yaml +++ b/kustomize/base/confluent/schema-registry.yaml @@ -10,24 +10,12 @@ spec: init: confluentinc/cp-init-container-operator:6.1.1.0 tls: autoGeneratedCerts: true - authorization: - type: rbac dependencies: kafka: - bootstrapEndpoint: kafka.confluent.svc.cluster.local:9071 - authentication: - type: plain - jaasConfig: - secretRef: credential + bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071 tls: enabled: true mds: - endpoint: https://kafka.confluent.svc.cluster.local:8090 - tokenKeyPair: - secretRef: mds-token - authentication: - type: bearer - bearer: - secretRef: sr-mds-client + endpoint: https://kafka.foobar.svc.cluster.local:8090 tls: enabled: true diff --git a/kustomize/base/confluent/zookeeper.yaml b/kustomize/base/confluent/zookeeper.yaml index 8257410..d14be35 100644 --- a/kustomize/base/confluent/zookeeper.yaml +++ b/kustomize/base/confluent/zookeeper.yaml @@ -10,9 +10,5 @@ spec: init: confluentinc/cp-init-container-operator:6.1.1.0 dataVolumeCapacity: 10Gi logVolumeCapacity: 10Gi - authentication: - type: digest - jaasConfig: - secretRef: credential tls: autoGeneratedCerts: true diff --git a/kustomize/base/operator/crds/kustomization.yaml b/kustomize/base/operator/crds/kustomization.yaml deleted file mode 100644 index 2ad3673..0000000 --- a/kustomize/base/operator/crds/kustomization.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - platform.confluent.io_confluentrolebindings.yaml - - platform.confluent.io_connects.yaml - - platform.confluent.io_controlcenters.yaml - - platform.confluent.io_kafkarestclasses.yaml - - platform.confluent.io_kafkas.yaml - - platform.confluent.io_kafkatopics.yaml - - platform.confluent.io_ksqldbs.yaml - - platform.confluent.io_migrationjobs.yaml - - platform.confluent.io_schemaregistries.yaml - - platform.confluent.io_zookeepers.yaml 
diff --git a/kustomize/base/operator/crds/platform.confluent.io_confluentrolebindings.yaml b/kustomize/base/operator/crds/platform.confluent.io_confluentrolebindings.yaml deleted file mode 100644 index 6ccc8de..0000000 --- a/kustomize/base/operator/crds/platform.confluent.io_confluentrolebindings.yaml +++ /dev/null 
@@ -1,249 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: confluentrolebindings.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: Status - type: string - - JSONPath: .status.kafkaClusterId - name: KafkaClusterId - type: string - - JSONPath: .status.principal - name: Principal - type: string - - JSONPath: .status.role - name: Role - type: string - - JSONPath: .status.kafkaRestClass - name: KafkaRestClass - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - - JSONPath: .status.clusterRegistryName - name: ClusterRegistryName - priority: 1 - type: string - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: ConfluentRolebinding - listKind: ConfluentRolebindingList - plural: confluentrolebindings - shortNames: - - cfrb - - confluentrolebinding - singular: confluentrolebinding - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: ConfluentRolebinding is the Schema for the confluentrolebinding - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfluentRolebindingSpec defines the desired state of rolebinding - for cp component when rbac is enabled - properties: - clustersScopeByIds: - description: ClusterScope defines the scope of clustersId - properties: - connectClusterId: - minLength: 1 - type: string - kafkaClusterId: - minLength: 1 - type: string - ksqlClusterId: - minLength: 1 - type: string - schemaRegistryClusterId: - minLength: 1 - type: string - type: object - clustersScopeByRegistryName: - description: ClusterRegistryName defines the unique cluster name customer - registered in cluster registry - minLength: 1 - type: string - kafkaRestClassRef: - description: KafkaRestClassRef defines the reference for KafkaRestClass - which defines Kafka Rest API - properties: - name: - description: Name defines the name of KafkaRestClass - minLength: 1 - type: string - namespace: - description: Namespace defines the namespace of the KafkaRestClass - type: string - required: - - name - type: object - principal: - description: Principal defines the confluent rolebinding principal name - and the binding details. 
- properties: - name: - description: Name defines the name of the principal(user/group) - minLength: 1 - type: string - type: - enum: - - user - - group - type: string - required: - - name - - type - type: object - resourcePatterns: - description: ResourcePatterns define the qualified resources associated - with this rolebinding - items: - description: ResourcePattern define the qualified resource info associated - with this rolebinding - properties: - name: - description: Name defines the name of resource associated with - this rolebinding - minLength: 1 - type: string - patternType: - description: PatternType defines whether the pattern of resource - is PREFIXED or LITERAL, default is LITERAL if not set - enum: - - PREFIXED - - LITERAL - type: string - resourceType: - description: ResourceType defines the type of resource - minLength: 1 - type: string - required: - - name - - resourceType - type: object - type: array - role: - description: Role defines the name of the Role - minLength: 1 - type: string - required: - - principal - - role - type: object - status: - description: ConfluentRolebindingStatus defines the observed state of ConfluentRolebinding - properties: - clusterRegistryName: - type: string - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. - properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' 
- type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - kafkaClusterId: - type: string - kafkaRestClass: - type: string - mdsEndpoint: - type: string - principal: - type: string - resourcePatterns: - items: - description: ResourcePattern define the qualified resource info associated - with this rolebinding - properties: - name: - description: Name defines the name of resource associated with - this rolebinding - minLength: 1 - type: string - patternType: - description: PatternType defines whether the pattern of resource - is PREFIXED or LITERAL, default is LITERAL if not set - enum: - - PREFIXED - - LITERAL - type: string - resourceType: - description: ResourceType defines the type of resource - minLength: 1 - type: string - required: - - name - - resourceType - type: object - type: array - role: - type: string - state: - type: string - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_connects.yaml b/kustomize/base/operator/crds/platform.confluent.io_connects.yaml deleted file mode 100644 index b94a2ea..0000000 --- a/kustomize/base/operator/crds/platform.confluent.io_connects.yaml +++ /dev/null 
@@ -1,3103 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: connects.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.replicas - name: Replicas - type: string - - JSONPath: .status.readyReplicas - name: Ready - type: string - - JSONPath: .status.phase - name: Status - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - - JSONPath: .status.kafka.bootstrapEndpoint - name: Kafka - priority: 1 - type: string - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: Connect - listKind: ConnectList - plural: connects - shortNames: - - connect - singular: connect - preserveUnknownFields: false - scope: Namespaced - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - validation: - openAPIV3Schema: - description: Connect is the Schema for the Connects API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConnectSpec defines the desired state of Connect - properties: - authentication: - description: Rest server security fields - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic credential - through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on the - server side only. Changes will be only reflected in ControlCenter - (C3). This configuration is ignored on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on the - server side only. This configuration is ignored on the client - side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme for Rest - Server - enum: - - basic - - mtls - type: string - required: - - type - type: object - authorization: - description: Authorization - properties: - kafkaRestClassRef: - description: KafkaRestClassRef defines the reference for KafkaRestClass - which defines Kafka Rest API - properties: - name: - description: Name defines the name of KafkaRestClass - minLength: 1 - type: string - namespace: - description: Namespace defines the namespace of the KafkaRestClass - type: string - required: - - name - type: object - type: - enum: - - rbac - type: string - required: - - type - type: object - configOverrides: - description: ConfigurationOverrides defines capability to override server/jvm/log4j - properties for each Confluent platform 
component. Change will roll - the cluster - properties: - jvm: - description: JVM defines a list of jvm configuration supported by - application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported by - application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - connectorOverridePolicy: - description: ConnectorOverridePolicy allows policy to permit per-connector - override configuration for producer/consumer/admin prefix. More information - can be found here, https://docs.confluent.io/platform/current/connect/security.html#separate-principals - enum: - - All - - Principal - type: string - dependencies: - description: ConnectDependencies holds dependencies a connect requires - or can enable - properties: - admin: - description: configure admin client If bootstrapEndpoint is not - configured, the security is configured based on the kafka dependencies - configuration. Configure if different bootstrapEndpoint is required - for admin client - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - consumer: - description: Consumer security configuration to connect to Kafka - Cluster pointed by bootstrapEndpoint, used for sink connectors. - If bootstrapEndpoint is not configured, the security is configured - based on the kafka dependencies configuration. Configure if different - bootstrapEndpoint is required for consumer - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. 
- properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - interceptor: - description: configure confluent monitoring interceptor - properties: - configs: - description: Configs defines configs for the CP interceptor - Config override feature can be used to pass config - items: - type: string - type: array - consumer: - description: Consumer defines the consumer configuration for - interceptor. If not configured it will use the kafka dependency - configuration - properties: - authentication: - description: Authentication defines the authentication for - the kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's - JaaS configuration. 
- properties: - secretRef: - description: SecretRef defines secret reference - to pass required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete - JaaS configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap - endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability - to discover kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is - running Uses the same namespace where Operator is - running if not configured - type: string - secretRef: - description: SecretRef defines the name of the secret - reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side - TLS setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - enabled: - description: Enabled defines to enable the CP interceptor configuration - type: boolean - producer: - description: Producer defines the producer configuration for - interceptor. If not configured it will use the kafka dependency - configuration - properties: - authentication: - description: Authentication defines the authentication for - the kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's - JaaS configuration. - properties: - secretRef: - description: SecretRef defines secret reference - to pass required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete - JaaS configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap - endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability - to discover kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is - running Uses the same namespace where Operator is - running if not configured - type: string - secretRef: - description: SecretRef defines the name of the secret - reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side - TLS setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - publishMs: - type: integer - required: - - enabled - type: object - kafka: - description: Connect dependency for connecting to kafka. Uses discovery - if that specified - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mds: - description: Mds configurations for when RBAC is enabled - properties: - authentication: - description: Authentication defines MDS authentication configuration - properties: - bearer: - description: BearerAuthentication defines bearer authentication - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines the authentication type support - for MDS - enum: - - bearer - type: string - required: - - bearer - - type - type: object - endpoint: - description: Endpoint defines the mds endpoint - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, 
listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - tokenKeyPair: - description: TokenKeyPair defines the token keypair to configure - MDS - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - authentication - - endpoint - - tokenKeyPair - type: object - producer: - description: Producer security configuration to connect to Kafka - Cluster pointed by bootstrapEndpoint, used for source connectors. - If bootstrapEndpoint is not configured, the security is configured - based on the kafka dependencies configuration. 
Configure if different - bootstrapEndpoint/security is required for producer - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where 
keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - schemaRegistry: - description: configure connect dependency for schemaregistry - properties: - authentication: - description: Authentication defines the authentication for the - schemaregistry cluster - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass - basic credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles - on the server side only. Changes will be only reflected - in ControlCenter (C3). 
This configuration is ignored - on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration - on the server side only. This configuration is ignored - on the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme - for Rest client - enum: - - basic - - mtls - type: string - required: - - type - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for schemaregistry cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: 
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - url: - description: URL defines the URL endpoint - minLength: 1 - pattern: ^https?://.* - type: string - required: - - url - type: object - type: object - enableSchemas: - description: EnableSchemas defines whether to enable scheme or not - type: boolean - externalAccess: - description: CPExternalAccess holds all external access policies for - non-kafka components - properties: - ingress: - description: Ingress allows to create a ingress service Not implemented - yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user wishes - to exist. - properties: - backend: - description: A default backend capable of servicing requests - that don't match any rule. At least one of 'backend' or - 'rules' must be specified. This field is optional to allow - the loadbalancer controller or defaulting logic to specify - a global default. - properties: - resource: - description: Resource is an ObjectRef to another Kubernetes - resource in the namespace of the Ingress object. If - resource is specified, serviceName and servicePort - must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced service. 
- type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the IngressClass - cluster resource. The associated IngressClass defines - which controller will implement the resource. This replaces - the deprecated `kubernetes.io/ingress.class` annotation. - For backwards compatibility, when that annotation is set, - it must be given precedence over this field. The controller - may emit a warning if the field and annotation have different - values. Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource may - be marked as default, which can be used to set a default - value for this field. For more information, refer to the - IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure the - Ingress. If unspecified, or no rule matches, all traffic - is sent to the default backend. - items: - description: IngressRule represents the rules mapping - the paths under a specified host to the related backend - services. Incoming requests are first evaluated for - a host match, then routed to the backend associated - with the matching IngressRuleValue. - properties: - host: - description: "Host is the fully qualified domain name - of a network host, as defined by RFC 3986. Note - the following deviations from the \"host\" part - of the URI as defined in RFC 3986: 1. IPs are not - allowed. Currently an IngressRuleValue can only - apply to the IP in the Spec of the parent Ingress. - 2. The `:` delimiter is not respected because ports - are not allowed. \t Currently the port of an Ingress - is implicitly :80 for http and \t :443 for https. - Both these may change in the future. Incoming requests - are matched against the host before the IngressRuleValue. 
- If the host is unspecified, the Ingress routes all - traffic based on the specified IngressRuleValue. - \n Host can be \"precise\" which is a domain name - without the terminating dot of a network host (e.g. - \"foo.bar.com\") or \"wildcard\", which is a domain - name prefixed with a single wildcard label (e.g. - \"*.foo.com\"). The wildcard character '*' must - appear by itself as the first DNS label and matches - only a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests will - be matched against the Host field in the following - way: 1. If Host is precise, the request matches - this rule if the http host header is equal to Host. - 2. If Host is a wildcard, then the request matches - this rule if the http host header is to equal to - the suffix (removing the first label) of the wildcard - rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list of http - selectors pointing to backends. In the example: - http:///? -> backend where - where parts of the url correspond to RFC 3986, this - resource will be used to match against everything - after the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that map requests - to backends. - items: - description: HTTPIngressPath associates a path - with a backend. Incoming urls matching the - path are forwarded to the backend. - properties: - backend: - description: Backend defines the referenced - service endpoint to which the traffic - will be forwarded to. - properties: - resource: - description: Resource is an ObjectRef - to another Kubernetes resource in - the namespace of the Ingress object. - If resource is specified, serviceName - and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. 
For any other - third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the - referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the - referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against the - path of an incoming request. Currently - it can contain characters disallowed from - the conventional "path" part of a URL - as defined by RFC 3986. Paths must begin - with a '/'. When unspecified, all paths - from incoming requests are matched. - type: string - pathType: - description: 'PathType determines the interpretation - of the Path matching. PathType can be - one of the following values: * Exact: - Matches the URL path exactly. * Prefix: - Matches based on a URL path prefix split - by ''/''. Matching is done on a path - element by element basis. A path element - refers is the list of labels in the - path split by the ''/'' separator. A request - is a match for path p if every p is - an element-wise prefix of p of the request - path. Note that if the last element of - the path is a substring of the last - element in request path, it is not a match - (e.g. /foo/bar matches /foo/bar/baz, - but does not match /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching is - up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix or Exact - path types. Implementations are required - to support all path types. Defaults to - ImplementationSpecific.' 
- type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the Ingress only - supports a single TLS port, 443. If multiple members of - this list specify different hosts, they will be multiplexed - on the same port according to the hostname specified through - the SNI TLS extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport layer - security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included in - the TLS certificate. The values in this list must - match the name/s used in the tlsSecret. Defaults - to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret - used to terminate TLS traffic on port 443. Field - is left optional to allow TLS routing based on SNI - hostname alone. If the SNI host in a listener conflicts - with the "Host" header field used by an IngressRule, - the SNI host is used for termination and value of - the Host header is used for routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes load balancer - service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type load balancer - type: object - domain: - description: Domain allows to configure domain name for the - cluster. 
- minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring source - range - items: - type: string - type: array - port: - description: Port allows to configure external port for client - consumption If not configured, same internal/external port - will be configured per component Information about the port - can be retrieved through status API - format: int32 - type: integer - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. Usually - assigned by the system. 
If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port offset - to be used and will go in the increasing order with respect - to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. 
Usually - assigned by the system. If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for OpenShift - Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the OpenShift - service type route - type: object - domain: - description: Domain allows to configure domain name for the - cluster. - minLength: 1 - type: string - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. 
It defaults - to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - type: - description: Type defines supported kubernetes external services - enum: - - loadBalancer - - nodePort - - route - minLength: 1 - type: string - required: - - type - type: object - image: - description: Image defines application and init docker image configuration. - Change will roll the cluster - properties: - application: - description: Application defines application docker image name - pattern: .+:.+ - type: string - init: - description: Init defines init-container name - pattern: .+:.+ - type: string - pullSecretRef: - description: 'ImagePullSecrets is a list of references to secrets - in the same namespace to use for pulling any images in pods that - reference this ServiceAccount. ImagePullSecrets are distinct from - Secrets because Secrets can be mounted in the pod, but ImagePullSecrets - are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' - items: - type: string - type: array - required: - - application - - init - type: object - injectAnnotations: - additionalProperties: - type: string - description: InjectAnnotations annotations are injected to all the internal - resources created by Operator. All the internal annotations is preserved - and forbidden to override. For pod annotations, use podTemplate.annotations - type: object - injectLabels: - additionalProperties: - type: string - description: InjectLabels labels are injected to all the internal resources - created by Operator. All the internal labels is preserved and forbidden - to override. 
For pod labels, use podTemplate.labels - type: object - internalTopicReplicationFactor: - description: ' InternalTopicReplicationFactor defines internal topic - replication factor If not configured, it will be configured as 3' - format: int32 - type: integer - k8sClusterDomain: - description: K8SClusterDomain defines configuring kubernetes cluster - domain if required. If this setting is not configured it will default - to cluster.local domain. - type: string - keyConverterType: - description: KeyConverter defines the supported converters package for - CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters - By default, it is configured as org.apache.kafka.connect.json.JsonConverter - minLength: 1 - type: string - license: - description: License defines license configuration for Confluent platform - component - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where license key is mounted. More information about - the usage be found in Confluent Operator document. - minLength: 1 - type: string - globalLicense: - description: GlobalLicense specifies whether operator pod license - will be used for this component If enabled then Confluent platform - component shares Confluent Operator license. - type: boolean - secretRef: - description: SecretRef is secret reference which provides license - for CP component More information about the license key struct - can be found in Confluent Operator document. 
- maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - metrics: - description: Metrics specifies the security settings for metric services - properties: - authentication: - description: Metrics security authentication - properties: - type: - enum: - - mtls - type: string - required: - - type - type: object - prometheus: - description: Override for jmx-prometheus exporter configs - properties: - blacklist: - items: - type: string - type: array - rules: - items: - description: Prometheus exporter rule override - properties: - attrNameSnakeCase: - minLength: 1 - type: string - cache: - minLength: 1 - type: string - help: - minLength: 1 - type: string - labels: - additionalProperties: - type: string - type: object - name: - minLength: 1 - type: string - pattern: - minLength: 1 - type: string - type: - minLength: 1 - type: string - value: - minLength: 1 - type: string - valueFactor: - minLength: 1 - type: string - type: object - type: array - whitelist: - items: - type: string - type: array - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP component - (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mountedSecrets: - description: MountedSecrets defines list of secrets reference injected - to the the underlying statefulset configuration. The secret reference - is mounted secret mounted in default path /mnt/secrets/. - The underlying resources will follow the secret as a file configuration - as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod - Change will roll the cluster - items: - description: MountedSecrets allows provides a way to inject custom - secret to underlying statefulset. - properties: - keyItems: - description: keyItems is list of key and path names - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. 
- type: string - mode: - description: 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, the volume - defaultMode will be used. This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the key - to. May not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - secretRef: - description: SecretRef defines the secret name referenced - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - type: array - oneReplicaPerNode: - description: OneReplicaPerNode enforces to run 1 pod per node through - pod anti-affinity capability. Enabling this configuration in existing - cluster will roll. Change will roll the cluster - type: boolean - podTemplate: - description: PodTemplate defines some statefulset pod template configuration - properties: - affinity: - description: 'Affinity is a group of affinity scheduling rules. - More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. 
for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - matches the corresponding matchExpressions; the node(s) - with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. - The TopologySelectorTerm type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are - intersected, i.e. all terms must be satisfied. 
- items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. 
- type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the - sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. 
- type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met at - some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - description: 'Annotations defines an unstructured key value map - stored with a resource that may be set by external tools to store - and retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - envVars: - description: 'EnvVars defines the collection of EnvVar to inject - into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. 
- type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - labels: - additionalProperties: - type: string - description: 'Labels defines map of string keys and values that - can be used to organize and categorize (scope and select) objects. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - podSecurityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in - container.securityContext. 
Field values of container.securityContext - take precedence over field values of PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit - is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions - of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will - have no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for - that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to - start the container if it does. If unset or false, no such - validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. 
Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. 
If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - priorityClassName: - description: PriorityClassName defines priority class for the pod - (if any). - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - probe: - description: Probe defines some fields of standard kubernetes readiness/liveness - probe configuration. - properties: - liveness: - description: Liveness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. 
- CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - readiness: - description: Readiness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - type: object - resources: - description: ResourceRequirements describes the compute resource - requirements. 
- properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - terminationGracePeriodSeconds: - description: TerminationGracePeriodSeconds defines grace period - for pod deletion - format: int64 - type: integer - tolerations: - description: Tolerations defines The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator . - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using the - matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. 
- type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do - not evict). Zero and negative values will be treated as - 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - replicas: - description: Replicas is the desired number of replicas of the given - Template. Change will roll the cluster - format: int32 - type: integer - storageClass: - description: Storage class used for creating pvc's of created connect - pods - properties: - name: - description: Name defines name is the storage class reference name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - telemetry: - description: ConfluentTelemetry defines the confluent telemetry reporter - configuration - properties: - global: - description: Global will allow disabling telemetry configuration. - If Operator is deployed with telemetry, this field is only is - used to disabled. By default the value is true if telemetry is - enabled in global level. 
- type: boolean - type: object - tls: - description: TLS allows configuring CP Component's server configuration - properties: - autoGeneratedCerts: - description: AutoGenerated if configures generates the certificates - based on the CA key pair provided. - type: boolean - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where keystore/truststore.jks/jksPassword.txt keys - are mounted. CP will not configure truststore.jks can be ignored - with IgnoreTrustStoreConfig field - minLength: 1 - type: string - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the truststore - configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced for - jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced for - jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for certificates - More information about certificates key/value format can be found - in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - valueConverterType: - description: ValueConverter defines the supported converters package - for CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters - By default, it is configured as org.apache.kafka.connect.json.JsonConverter - minLength: 1 - type: string - required: - - image - - replicas - type: object - status: - description: ConnectStatus defines the observed state of Connect - properties: - authorizationType: - type: string - clusterName: - description: ClusterName defines the 
name of the cluster - type: string - clusterNamespace: - description: ClusterNamespace provides the namespace where cluster is - running - type: string - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. - properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - currentReplicas: - description: CurrentReplicas defines current running replicas - format: int32 - type: integer - groupId: - type: string - internalSecrets: - description: InternalSecrets defines the list of internal secrets created - by Operator for each CP component. 
- items: - type: string - type: array - internalTopicNames: - description: InternalTopicNames is a list of topics used by the component - for internal use - items: - type: string - type: array - kafka: - description: KafkaClientInfoStatus defines the kafka client side status - for all CP component - properties: - authenticationType: - description: AuthenticationType defines the authentication type - for kafka - type: string - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - type: string - tls: - description: TLS defines if tls is enabled for kafka dependency - type: boolean - type: object - operatorVersion: - description: OperatorVersion defines the internal version of operator - type: string - phase: - description: Phase defines the state of the CP component - type: string - rbac: - description: RBACInfoStatus defines RBAC related status when RBAC is - enabled - properties: - clusterId: - description: ClusterId defines the id of cluster - type: string - internalRolebindings: - description: RolebindingState defines the state of internal rolebindings - items: - type: string - type: array - type: object - readyReplicas: - description: ReadyReplicas defines current ready replicas - format: int32 - type: integer - replicas: - description: Replicas defines replicas - format: int32 - type: integer - restConfig: - description: ListenerStatus describes general information about a listeners - properties: - advertisedExternalEndpoints: - description: AdvertisedExternalEndpoints defines other advertised - endpoints, especially use for kafka - items: - type: string - type: array - authenticationType: - description: AuthenticationType defines authentication type configured - by a listener - type: string - externalEndpoint: - description: ExternalEndpoint defines the external endpoint to connect - to the service - type: string - internalEndpoint: - description: InternalEndpoint defines the internal endpoint to connect - to the service - 
 type: string - tls: - description: TLS defines whether tls is configured by a listener - type: boolean - type: object - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: []
diff --git a/kustomize/base/operator/crds/platform.confluent.io_controlcenters.yaml b/kustomize/base/operator/crds/platform.confluent.io_controlcenters.yaml
deleted file mode 100644
index b2c2a1d..0000000
--- a/kustomize/base/operator/crds/platform.confluent.io_controlcenters.yaml
+++ /dev/null
@@ -1,3032 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: controlcenters.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.replicas - name: Replicas - type: string - - JSONPath: .status.readyReplicas - name: Ready - type: string - - JSONPath: .status.phase - name: Status - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - - JSONPath: .status.kafka.bootstrapEndpoint - name: Kafka - priority: 1 - type: string - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: ControlCenter - listKind: ControlCenterList - plural: controlcenters - shortNames: - - controlcenter - - c3 - singular: controlcenter - preserveUnknownFields: false - scope: Namespaced - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - validation: - openAPIV3Schema: - description: ControlCenter is the Schema for the controlcenter API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ControlCenterSpec defines the desired state of ControlCenter - properties: - authentication: - description: Authentication defines the rest-endpoint configuration - properties: - basic: - description: BasicAuthentication defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic credential - through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on the - server side only. Changes will be only reflected in ControlCenter - (C3). This configuration is ignored on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on the - server side only. This configuration is ignored on the client - side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - ldap: - description: C3LdapAuthentication defines ldap authentication - properties: - property: - additionalProperties: - type: string - description: Property defines all the properties for LDAP configuration - Make sure to use secret object to pass username/password - type: object - restrictedRoles: - description: RestrictedRoles defines restricted access roles - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on the - server side only. 
- items: - type: string - minItems: 1 - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - basic - - ldap - - mtls - type: string - required: - - type - type: object - authorization: - description: Authorization defines authorization configurations - properties: - kafkaRestClassRef: - description: KafkaRestClassRef defines the reference for KafkaRestClass - which defines Kafka Rest API - properties: - name: - description: Name defines the name of KafkaRestClass - minLength: 1 - type: string - namespace: - description: Namespace defines the namespace of the KafkaRestClass - type: string - required: - - name - type: object - type: - enum: - - rbac - type: string - required: - - type - type: object - configOverrides: - description: ConfigurationOverrides defines capability to override server/jvm/log4j - properties for each Confluent platform component. Change will roll - the cluster - properties: - jvm: - description: JVM defines a list of jvm configuration supported by - application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported by - application. This will either add or update existing configuration. 
- items: - type: string - type: array - type: object - dataVolumeCapacity: - anyOf: - - type: integer - - type: string - description: DataVolumeCapacity defines the data size for PV - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - dependencies: - description: Dependencies defines all the dependencies service configuration - properties: - connect: - description: Connect defines connect worker dependencies configuration - items: - description: ControlCenterConnectDependency - properties: - authentication: - description: Authentication defines the authentication for - the connect cluster - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass - basic credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles - on the server side only. Changes will be only reflected - in ControlCenter (C3). This configuration is ignored - on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration - on the server side only. 
This configuration is ignored - on the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme - for Rest client - enum: - - basic - - mtls - type: string - required: - - type - type: object - name: - description: Name defines the cluster name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - tls: - description: TLSDependencyConfig defines the client side TLS - setting for connect cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - url: - description: URL 
defines the URL endpoint - minLength: 1 - pattern: ^https?://.* - type: string - required: - - name - - url - type: object - type: array - kafka: - description: Kafka defines kafka dependencies configuration - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for kafka cluster - properties: - 
directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - ksqldb: - description: KsqlDB defines ksqldb dependencies configuration - items: - description: ControlCenterKSQLDependency - properties: - advertisedUrl: - description: AdvertisedURL defines the advertised url to use - in browser. 
- minLength: 1 - pattern: ^https?://.* - type: string - authentication: - description: Authentication defines the authentication for - the ksqldb cluster - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass - basic credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles - on the server side only. Changes will be only reflected - in ControlCenter (C3). This configuration is ignored - on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration - on the server side only. This configuration is ignored - on the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme - for Rest client - enum: - - basic - - mtls - type: string - required: - - type - type: object - name: - description: Name defines the cluster name - minLength: 1 - type: string - tls: - description: TLSDependencyConfig defines the client side TLS - setting for ksqldb cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - url: - description: URL defines the URL endpoint - minLength: 1 - pattern: ^https?://.* - type: string - required: - - name - - url - type: object - type: array - mds: - description: MDSDependencies defines the RBAC dependencies configurations - properties: - authentication: - description: Authentication defines MDS authentication configuration - properties: - bearer: - description: BearerAuthentication defines bearer authentication - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines the authentication type support - for MDS - enum: - - bearer - type: string - required: - - bearer - - type - type: object - endpoint: - description: Endpoint defines 
the mds endpoint - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - tokenKeyPair: - description: TokenKeyPair defines the token keypair to configure - MDS - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - authentication - - endpoint - - tokenKeyPair - type: object - schemaRegistry: - description: SchemaRegistry defines schema registry dependencies - configuration - 
properties: - authentication: - description: Authentication defines the authentication for the - schemaregistry cluster - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass - basic credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles - on the server side only. Changes will be only reflected - in ControlCenter (C3). This configuration is ignored - on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration - on the server side only. This configuration is ignored - on the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme - for Rest client - enum: - - basic - - mtls - type: string - required: - - type - type: object - clusters: - items: - description: ControlCenterMultiSchemaRegistryDependency - properties: - authentication: - description: Authentication defines the authentication - for the schemaregistry cluster - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to - pass basic credential through directory path - in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted - roles on the server side only. Changes will - be only reflected in ControlCenter (C3). 
This - configuration is ignored on the client side - configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration - on the server side only. This configuration - is ignored on the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication - scheme for Rest client - enum: - - basic - - mtls - type: string - required: - - type - type: object - name: - description: Name defines the cluster name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - tls: - description: TLSDependencyConfig defines the client side - TLS setting for schemaregistry cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the - directory path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration - for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure - ignores the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name - referenced for jks password More information - about jks password key/value format can be found - in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - url: - description: URL defines the URL endpoint - minLength: 1 - pattern: ^https?://.* - type: string - required: - - name - - url - type: object - type: array - tls: - description: TLSDependencyConfig defines the client side TLS - setting for schemaregistry cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - url: - description: URL defines the URL endpoint - minLength: 1 - pattern: ^https?://.* - type: string - required: - - url - type: object - type: object - externalAccess: - description: ExternalAccess defines the external access configuration - properties: - ingress: - description: Ingress allows to create a ingress service Not implemented - yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user wishes - to exist. - properties: - backend: - description: A default backend capable of servicing requests - that don't match any rule. At least one of 'backend' or - 'rules' must be specified. 
This field is optional to allow - the loadbalancer controller or defaulting logic to specify - a global default. - properties: - resource: - description: Resource is an ObjectRef to another Kubernetes - resource in the namespace of the Ingress object. If - resource is specified, serviceName and servicePort - must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the IngressClass - cluster resource. The associated IngressClass defines - which controller will implement the resource. This replaces - the deprecated `kubernetes.io/ingress.class` annotation. - For backwards compatibility, when that annotation is set, - it must be given precedence over this field. The controller - may emit a warning if the field and annotation have different - values. Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource may - be marked as default, which can be used to set a default - value for this field. For more information, refer to the - IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure the - Ingress. If unspecified, or no rule matches, all traffic - is sent to the default backend. 
- items: - description: IngressRule represents the rules mapping - the paths under a specified host to the related backend - services. Incoming requests are first evaluated for - a host match, then routed to the backend associated - with the matching IngressRuleValue. - properties: - host: - description: "Host is the fully qualified domain name - of a network host, as defined by RFC 3986. Note - the following deviations from the \"host\" part - of the URI as defined in RFC 3986: 1. IPs are not - allowed. Currently an IngressRuleValue can only - apply to the IP in the Spec of the parent Ingress. - 2. The `:` delimiter is not respected because ports - are not allowed. \t Currently the port of an Ingress - is implicitly :80 for http and \t :443 for https. - Both these may change in the future. Incoming requests - are matched against the host before the IngressRuleValue. - If the host is unspecified, the Ingress routes all - traffic based on the specified IngressRuleValue. - \n Host can be \"precise\" which is a domain name - without the terminating dot of a network host (e.g. - \"foo.bar.com\") or \"wildcard\", which is a domain - name prefixed with a single wildcard label (e.g. - \"*.foo.com\"). The wildcard character '*' must - appear by itself as the first DNS label and matches - only a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests will - be matched against the Host field in the following - way: 1. If Host is precise, the request matches - this rule if the http host header is equal to Host. - 2. If Host is a wildcard, then the request matches - this rule if the http host header is to equal to - the suffix (removing the first label) of the wildcard - rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list of http - selectors pointing to backends. In the example: - http:///? 
-> backend where - where parts of the url correspond to RFC 3986, this - resource will be used to match against everything - after the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that map requests - to backends. - items: - description: HTTPIngressPath associates a path - with a backend. Incoming urls matching the - path are forwarded to the backend. - properties: - backend: - description: Backend defines the referenced - service endpoint to which the traffic - will be forwarded to. - properties: - resource: - description: Resource is an ObjectRef - to another Kubernetes resource in - the namespace of the Ingress object. - If resource is specified, serviceName - and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any other - third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the - referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the - referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against the - path of an incoming request. Currently - it can contain characters disallowed from - the conventional "path" part of a URL - as defined by RFC 3986. Paths must begin - with a '/'. When unspecified, all paths - from incoming requests are matched. - type: string - pathType: - description: 'PathType determines the interpretation - of the Path matching. 
PathType can be - one of the following values: * Exact: - Matches the URL path exactly. * Prefix: - Matches based on a URL path prefix split - by ''/''. Matching is done on a path - element by element basis. A path element - refers is the list of labels in the - path split by the ''/'' separator. A request - is a match for path p if every p is - an element-wise prefix of p of the request - path. Note that if the last element of - the path is a substring of the last - element in request path, it is not a match - (e.g. /foo/bar matches /foo/bar/baz, - but does not match /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching is - up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix or Exact - path types. Implementations are required - to support all path types. Defaults to - ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the Ingress only - supports a single TLS port, 443. If multiple members of - this list specify different hosts, they will be multiplexed - on the same port according to the hostname specified through - the SNI TLS extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport layer - security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included in - the TLS certificate. The values in this list must - match the name/s used in the tlsSecret. Defaults - to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret - used to terminate TLS traffic on port 443. Field - is left optional to allow TLS routing based on SNI - hostname alone. 
If the SNI host in a listener conflicts - with the "Host" header field used by an IngressRule, - the SNI host is used for termination and value of - the Host header is used for routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes load balancer - service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type load balancer - type: object - domain: - description: Domain allows to configure domain name for the - cluster. - minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring source - range - items: - type: string - type: array - port: - description: Port allows to configure external port for client - consumption If not configured, same internal/external port - will be configured per component Information about the port - can be retrieved through status API - format: int32 - type: integer - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. 
Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. Usually - assigned by the system. If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port offset - to be used and will go in the increasing order with respect - to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. 
Usually - assigned by the system. If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for OpenShift - Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the OpenShift - service type route - type: object - domain: - description: Domain allows to configure domain name for the - cluster. - minLength: 1 - type: string - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. 
It defaults - to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - type: - description: Type defines supported kubernetes external services - enum: - - loadBalancer - - nodePort - - route - minLength: 1 - type: string - required: - - type - type: object - id: - description: ControlCenterID identifier used as a prefix so that multiple - instances of Control Center can co-exist. - format: int32 - type: integer - image: - description: Image defines application and init docker image configuration. - Change will roll the cluster - properties: - application: - description: Application defines application docker image name - pattern: .+:.+ - type: string - init: - description: Init defines init-container name - pattern: .+:.+ - type: string - pullSecretRef: - description: 'ImagePullSecrets is a list of references to secrets - in the same namespace to use for pulling any images in pods that - reference this ServiceAccount. ImagePullSecrets are distinct from - Secrets because Secrets can be mounted in the pod, but ImagePullSecrets - are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' - items: - type: string - type: array - required: - - application - - init - type: object - injectAnnotations: - additionalProperties: - type: string - description: InjectAnnotations annotations are injected to all the internal - resources created by Operator. All the internal annotations is preserved - and forbidden to override. For pod annotations, use podTemplate.annotations - type: object - injectLabels: - additionalProperties: - type: string - description: InjectLabels labels are injected to all the internal resources - created by Operator. All the internal labels is preserved and forbidden - to override. 
For pod labels, use podTemplate.labels - type: object - internalTopicReplicatorFactor: - format: int32 - type: integer - k8sClusterDomain: - description: K8SClusterDomain defines configuring kubernetes cluster - domain if required. If this setting is not configured it will default - to cluster.local domain. - type: string - license: - description: License defines license configuration for Confluent platform - component - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where license key is mounted. More information about - the usage be found in Confluent Operator document. - minLength: 1 - type: string - globalLicense: - description: GlobalLicense specifies whether operator pod license - will be used for this component If enabled then Confluent platform - component shares Confluent Operator license. - type: boolean - secretRef: - description: SecretRef is secret reference which provides license - for CP component More information about the license key struct - can be found in Confluent Operator document. - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - mail: - description: ControlCenterSMTPServer, these settings control the SMTP - server and account used when an alerts triggers the email action. - properties: - authentication: - description: Authentication SMTP supports basic authentication support - only For other types of authentication use config overrides capability. - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic - credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on - the server side only. Changes will be only reflected in - ControlCenter (C3). 
This configuration is ignored on the - client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on - the server side only. This configuration is ignored on - the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme for - Rest client - enum: - - basic - - mtls - type: string - required: - - type - type: object - checkServerIdentity: - description: CheckServerIdentity forces validation of server’s certificate - when using STARTTLS or SSL. - type: boolean - hostname: - description: Hostname of outgoing SMTP server - minLength: 1 - type: string - mailBounceAddress: - description: MailBounceAddress override for MailFrom config to send - message - minLength: 1 - type: string - mailFrom: - description: MailFrom the originating address for emails sent from - Control Center. - minLength: 1 - type: string - port: - description: Port SMTP port open on for hostname - format: int32 - type: integer - startTLSRequired: - description: StartTLSRequired forces using STARTTLS. 
- type: boolean - required: - - hostname - type: object - metrics: - description: Metrics specifies the security settings for metric services - properties: - authentication: - description: Metrics security authentication - properties: - type: - enum: - - mtls - type: string - required: - - type - type: object - prometheus: - description: Override for jmx-prometheus exporter configs - properties: - blacklist: - items: - type: string - type: array - rules: - items: - description: Prometheus exporter rule override - properties: - attrNameSnakeCase: - minLength: 1 - type: string - cache: - minLength: 1 - type: string - help: - minLength: 1 - type: string - labels: - additionalProperties: - type: string - type: object - name: - minLength: 1 - type: string - pattern: - minLength: 1 - type: string - type: - minLength: 1 - type: string - value: - minLength: 1 - type: string - valueFactor: - minLength: 1 - type: string - type: object - type: array - whitelist: - items: - type: string - type: array - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP component - (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - monitoringKafkaClusters: - description: MonitoringKafkaClusters defines configuring monitoring - clusters - items: - description: MonitoringKafkaClusters kafka cluster configuration - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - name: - description: Name defines the cluster name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - tls: - description: TLSDependencyConfig defines the client side TLS setting - for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - required: - - name - type: object - type: array - mountedSecrets: - description: MountedSecrets defines list of secrets reference injected - to the the underlying statefulset configuration. The secret reference - is mounted secret mounted in default path /mnt/secrets/. - The underlying resources will follow the secret as a file configuration - as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod - Change will roll the cluster - items: - description: MountedSecrets allows provides a way to inject custom - secret to underlying statefulset. - properties: - keyItems: - description: keyItems is list of key and path names - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. 
- type: string - mode: - description: 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, the volume - defaultMode will be used. This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the key - to. May not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - secretRef: - description: SecretRef defines the secret name referenced - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - type: array - name: - description: ControlCenterName name of the cluster - type: string - oneReplicaPerNode: - description: OneReplicaPerNode enforces to run 1 pod per node through - pod anti-affinity capability. Enabling this configuration in existing - cluster will roll. Change will roll the cluster - type: boolean - podTemplate: - description: PodTemplate defines some statefulset pod template configuration - properties: - affinity: - description: 'Affinity is a group of affinity scheduling rules. - More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. 
for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - matches the corresponding matchExpressions; the node(s) - with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. - The TopologySelectorTerm type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are - intersected, i.e. all terms must be satisfied. 
- items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. 
- type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the - sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. 
- type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met at - some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - description: 'Annotations defines an unstructured key value map - stored with a resource that may be set by external tools to store - and retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - envVars: - description: 'EnvVars defines the collection of EnvVar to inject - into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. 
- type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - labels: - additionalProperties: - type: string - description: 'Labels defines map of string keys and values that - can be used to organize and categorize (scope and select) objects. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - podSecurityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in - container.securityContext. 
Field values of container.securityContext - take precedence over field values of PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit - is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions - of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will - have no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for - that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to - start the container if it does. If unset or false, no such - validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. 
Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. 
If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - priorityClassName: - description: PriorityClassName defines priority class for the pod - (if any). - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - probe: - description: Probe defines some fields of standard kubernetes readiness/liveness - probe configuration. - properties: - liveness: - description: Liveness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. 
- CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - readiness: - description: Readiness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - type: object - resources: - description: ResourceRequirements describes the compute resource - requirements. 
- properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - terminationGracePeriodSeconds: - description: TerminationGracePeriodSeconds defines grace period - for pod deletion - format: int64 - type: integer - tolerations: - description: Tolerations defines The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator . - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using the - matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. 
- type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do - not evict). Zero and negative values will be treated as - 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - replicas: - description: Replicas is the desired number of replicas of the given - Template. Change will roll the cluster - format: int32 - type: integer - storageClass: - description: StorageClass defines user provided storage class reference - properties: - name: - description: Name defines name is the storage class reference name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - telemetry: - description: ConfluentTelemetry defines the confluent telemetry reporter - configuration - properties: - global: - description: Global will allow disabling telemetry configuration. - If Operator is deployed with telemetry, this field is only is - used to disabled. By default the value is true if telemetry is - enabled in global level. 
- type: boolean - type: object - tls: - description: TLS defines tls configuration for rest-endpoint - properties: - autoGeneratedCerts: - description: AutoGenerated if configures generates the certificates - based on the CA key pair provided. - type: boolean - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where keystore/truststore.jks/jksPassword.txt keys - are mounted. CP will not configure truststore.jks can be ignored - with IgnoreTrustStoreConfig field - minLength: 1 - type: string - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the truststore - configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced for - jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced for - jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for certificates - More information about certificates key/value format can be found - in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - dataVolumeCapacity - - image - - replicas - type: object - status: - description: ControlCenterStatus defines the observed state of ControlCenter - properties: - authorizationType: - type: string - clusterName: - description: ClusterName defines the name of the cluster - type: string - clusterNamespace: - description: ClusterNamespace provides the namespace where cluster is - running - type: string - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. 
- properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - controlCenterName: - type: string - currentReplicas: - description: CurrentReplicas defines current running replicas - format: int32 - type: integer - id: - format: int32 - type: integer - internalSecrets: - description: InternalSecrets defines the list of internal secrets created - by Operator for each CP component. 
- items: - type: string - type: array - internalTopicNames: - description: InternalTopicNames is a list of topics used by the component - for internal use - items: - type: string - type: array - kafka: - description: KafkaClientInfoStatus defines the kafka client side status - for all CP component - properties: - authenticationType: - description: AuthenticationType defines the authentication type - for kafka - type: string - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - type: string - tls: - description: TLS defines if tls is enabled for kafka dependency - type: boolean - type: object - operatorVersion: - description: OperatorVersion defines the internal version of operator - type: string - phase: - description: Phase defines the state of the CP component - type: string - rbac: - description: RBACInfoStatus defines RBAC related status when RBAC is - enabled - properties: - clusterId: - description: ClusterId defines the id of cluster - type: string - internalRolebindings: - description: RolebindingState defines the state of internal rolebindings - items: - type: string - type: array - type: object - readyReplicas: - description: ReadyReplicas defines current ready replicas - format: int32 - type: integer - replicas: - description: Replicas defines replicas - format: int32 - type: integer - restConfig: - description: ListenerStatus describes general information about a listeners - properties: - advertisedExternalEndpoints: - description: AdvertisedExternalEndpoints defines other advertised - endpoints, especially use for kafka - items: - type: string - type: array - authenticationType: - description: AuthenticationType defines authentication type configured - by a listener - type: string - externalEndpoint: - description: ExternalEndpoint defines the external endpoint to connect - to the service - type: string - internalEndpoint: - description: InternalEndpoint defines the internal endpoint to connect - to the service - 
type: string - tls: - description: TLS defines whether tls is configured by a listener - type: boolean - type: object - required: - - id - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_kafkarestclasses.yaml b/kustomize/base/operator/crds/platform.confluent.io_kafkarestclasses.yaml deleted file mode 100644 index 2158aca..0000000 --- a/kustomize/base/operator/crds/platform.confluent.io_kafkarestclasses.yaml +++ /dev/null 
@@ -1,361 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: kafkarestclasses.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: KafkaRestClass - listKind: KafkaRestClassList - plural: kafkarestclasses - shortNames: - - krc - - kafkarestclass - singular: kafkarestclass - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: KafkaRestClass is the Schema for the kafkarestclasses API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaRestClassSpec defines the desired state of KafkaRestClass - properties: - kafkaClusterRef: - description: KafkaClusterRef defines the name of the kafka cluster - properties: - name: - description: Name defines name of the Kafka cluster - minLength: 1 - type: string - namespace: - description: Namespace defines namespace where kafka cluster is - running - minLength: 1 - type: string - required: - - name - type: object - kafkaRest: - description: KafkaRestApiInfo defines Kafka Rest API configuration - properties: - authentication: - description: Authentication defines authentication of Kafka Rest - API - properties: - basic: - description: BasicAuthentication defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic - credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on - the server side only. Changes will be only reflected in - ControlCenter (C3). This configuration is ignored on the - client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on - the server side only. 
This configuration is ignored on - the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - bearer: - description: BearerAuthentication used by MDS clients - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - basic - - bearer - type: string - required: - - type - type: object - endpoint: - description: Endpoint defines where confluent Kafka Rest API is - running - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: TLSDependencyConfig defines the client side tls configuration - to connect to Kafka Rest API - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - secondaryKafkaClusterRef: - description: SecondaryKafkaClusterRef defines the name of the secondary - kafka cluster when using centralized RBAC - properties: - name: - description: Name defines name of the Kafka cluster - minLength: 1 - type: string - namespace: - description: Namespace defines namespace where kafka cluster is - running - minLength: 1 - type: string - required: - - name - type: object - secondaryKafkaRest: - description: SeconaryKafkaRestApiInfo defines secondary Kafka Rest API - configuration when using centralized RBAC - properties: - authentication: - description: Authentication defines authentication of Kafka Rest - API - properties: - basic: - description: BasicAuthentication defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic - credential through 
directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on - the server side only. Changes will be only reflected in - ControlCenter (C3). This configuration is ignored on the - client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on - the server side only. This configuration is ignored on - the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - bearer: - description: BearerAuthentication used by MDS clients - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - basic - - bearer - type: string - required: - - type - type: object - endpoint: - description: Endpoint defines where confluent Kafka Rest API is - running - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: TLSDependencyConfig defines the client side tls configuration - to connect to Kafka Rest API - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - type: object - status: - description: KafkaRestClassStatus defines the observed state of KafkaRestClass - properties: - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. - properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' 
- type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - endpoint: - description: Endpoint defines the kafkarest/mds endpoint - type: string - kafkaClusterId: - description: KafkaClusterId defines the cluster id of kafka cluster - If using centralized RBAC and kafkarestclass is for secondary kafka - cluster, it will be clusterId of secondary kafka cluster - type: string - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_kafkas.yaml b/kustomize/base/operator/crds/platform.confluent.io_kafkas.yaml deleted file mode 100644 index 00cfcb9..0000000 --- a/kustomize/base/operator/crds/platform.confluent.io_kafkas.yaml +++ /dev/null 
@@ -1,4981 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: kafkas.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.replicas - name: Replicas - type: string - - JSONPath: .status.readyReplicas - name: Ready - type: string - - JSONPath: .status.phase - name: Status - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - - JSONPath: .status.zookeeperConnect - name: Zookeeper - priority: 1 - type: string - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: Kafka - listKind: KafkaList - plural: kafkas - shortNames: - - kafka - - broker - singular: kafka - preserveUnknownFields: false - scope: Namespaced - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - validation: - openAPIV3Schema: - description: Kafka is the Schema for the kafkas API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaSpec defines the desired state of CP component, Kafka - Server - properties: - authorization: - description: Authorization defines authorization support - properties: - superUsers: - description: SuperUsers defines list of supers user to give admin - privilege on the Kafka Cluster This list takes the format as User: - items: - type: string - type: array - type: - enum: - - rbac - - simple - type: string - required: - - type - type: object - configOverrides: - description: ConfigurationOverrides defines capability to override server/jvm/log4j - properties for each Confluent platform component. Change will roll - the cluster - properties: - jvm: - description: JVM defines a list of jvm configuration supported by - application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported by - application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - dataVolumeCapacity: - anyOf: - - type: integer - - type: string - description: DataVolumeCapacity defines the PV capacity. 
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - dependencies: - description: Dependencies defines all the kafka dependencies like zookeeper - and centralized MDS settings - properties: - kafkaRest: - description: KafkaRestApiClientDep provides rest client auth for - MDS when RBAC is enabled - properties: - authentication: - description: Authentication defines authentication of Kafka - Rest API - properties: - bearer: - description: BearerAuthentication defines bearer authentication - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines the authentication type support - for MDS - enum: - - bearer - type: string - required: - - bearer - - type - type: object - endpoint: - description: Endpoint defines where confluent Kafka Rest API - is running - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: TLSDependencyConfig defines the client side tls - configuration to connect to Kafka Rest API - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mds: - description: KafkaPrimaryMetaDataServerDep configure a secondary - Kafka cluster managed by the MDS of the primary Kafka cluster - properties: - endpoint: - description: URLEndpoint defines the URL endpoint in format - http|s://:port - minLength: 1 - pattern: ^https?://.* - type: string - kafka: - description: KafkaClientDependency allows configuring CP component - dependency to configure kafka settings - properties: - authentication: - description: Authentication defines the authentication for - the kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's - JaaS configuration. 
- properties: - secretRef: - description: SecretRef defines secret reference - to pass required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete - JaaS configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap - endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability - to discover kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is - running Uses the same namespace where Operator is - running if not configured - type: string - secretRef: - description: SecretRef defines the name of the secret - reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side - TLS setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - tokenKeyPair: - description: MDSTokenKeyPair load either through secretRef or - directory path - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - endpoint - - kafka - - tokenKeyPair - type: object - zookeeper: - description: KafkaZookeeperDependencies - properties: - authentication: - description: KafkaClientAuthentication defines the authentication - structure for all dependent CP Component for Kafka Cluster. - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. 
- properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - discovery: - description: Discovery discover structure used by Confluent - platform (CP) - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - endpoint: - description: Endpoint defines the endpoint for service is format - endpoint:port - minLength: 1 - pattern: .+:[0-9]+ - type: string - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - type: object - image: - description: Image defines application and init docker image configuration. - Change will roll the cluster - properties: - application: - description: Application defines application docker image name - pattern: .+:.+ - type: string - init: - description: Init defines init-container name - pattern: .+:.+ - type: string - pullSecretRef: - description: 'ImagePullSecrets is a list of references to secrets - in the same namespace to use for pulling any images in pods that - reference this ServiceAccount. ImagePullSecrets are distinct from - Secrets because Secrets can be mounted in the pod, but ImagePullSecrets - are only accessed by the kubelet. 
More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' - items: - type: string - type: array - required: - - application - - init - type: object - injectAnnotations: - additionalProperties: - type: string - description: InjectAnnotations annotations are injected to all the internal - resources created by Operator. All the internal annotations is preserved - and forbidden to override. For pod annotations, use podTemplate.annotations - type: object - injectLabels: - additionalProperties: - type: string - description: InjectLabels labels are injected to all the internal resources - created by Operator. All the internal labels is preserved and forbidden - to override. For pod labels, use podTemplate.labels - type: object - k8sClusterDomain: - description: K8SClusterDomain defines configuring kubernetes cluster - domain if required. If this setting is not configured it will default - to cluster.local domain. - type: string - license: - description: License defines license configuration for Confluent platform - component - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where license key is mounted. More information about - the usage be found in Confluent Operator document. - minLength: 1 - type: string - globalLicense: - description: GlobalLicense specifies whether operator pod license - will be used for this component If enabled then Confluent platform - component shares Confluent Operator license. - type: boolean - secretRef: - description: SecretRef is secret reference which provides license - for CP component More information about the license key struct - can be found in Confluent Operator document. - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - listeners: - description: Listeners defines listeners configurations - properties: - custom: - items: - description: KafkaCustomListener ... 
- properties: - authentication: - description: KafkaZkAuthentication defines authentication - structure for Kafka/ZK cluster. - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to - pass required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - principalMappingRules: - items: - type: string - type: array - type: - description: Type defines supported kafka authentication - types - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - externalAccess: - description: KafkaExternalAccess allows to configure external - access for Kafka cluster - properties: - ingress: - description: Ingress allows to create a ingress service - Not implemented yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations - for the kubernetes service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the - user wishes to exist. - properties: - backend: - description: A default backend capable of servicing - requests that don't match any rule. At least - one of 'backend' or 'rules' must be specified. - This field is optional to allow the loadbalancer - controller or defaulting logic to specify a - global default. 
- properties: - resource: - description: Resource is an ObjectRef to another - Kubernetes resource in the namespace of - the Ingress object. If resource is specified, - serviceName and servicePort must not be - specified. - properties: - apiGroup: - description: APIGroup is the group for - the resource being referenced. If APIGroup - is not specified, the specified Kind - must be in the core API group. For any - other third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced - service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced - service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the - IngressClass cluster resource. The associated - IngressClass defines which controller will implement - the resource. This replaces the deprecated `kubernetes.io/ingress.class` - annotation. For backwards compatibility, when - that annotation is set, it must be given precedence - over this field. The controller may emit a warning - if the field and annotation have different values. - Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource - may be marked as default, which can be used - to set a default value for this field. For more - information, refer to the IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure - the Ingress. If unspecified, or no rule matches, - all traffic is sent to the default backend. - items: - description: IngressRule represents the rules - mapping the paths under a specified host to - the related backend services. 
Incoming requests - are first evaluated for a host match, then - routed to the backend associated with the - matching IngressRuleValue. - properties: - host: - description: "Host is the fully qualified - domain name of a network host, as defined - by RFC 3986. Note the following deviations - from the \"host\" part of the URI as defined - in RFC 3986: 1. IPs are not allowed. Currently - an IngressRuleValue can only apply to - \ the IP in the Spec of the parent Ingress. - 2. The `:` delimiter is not respected - because ports are not allowed. \t Currently - the port of an Ingress is implicitly :80 - for http and \t :443 for https. Both - these may change in the future. Incoming - requests are matched against the host - before the IngressRuleValue. If the host - is unspecified, the Ingress routes all - traffic based on the specified IngressRuleValue. - \n Host can be \"precise\" which is a - domain name without the terminating dot - of a network host (e.g. \"foo.bar.com\") - or \"wildcard\", which is a domain name - prefixed with a single wildcard label - (e.g. \"*.foo.com\"). The wildcard character - '*' must appear by itself as the first - DNS label and matches only a single label. - You cannot have a wildcard label by itself - (e.g. Host == \"*\"). Requests will be - matched against the Host field in the - following way: 1. If Host is precise, - the request matches this rule if the http - host header is equal to Host. 2. If Host - is a wildcard, then the request matches - this rule if the http host header is to - equal to the suffix (removing the first - label) of the wildcard rule." - type: string - http: - description: 'HTTPIngressRuleValue is a - list of http selectors pointing to backends. - In the example: http:///? - -> backend where where parts of the url - correspond to RFC 3986, this resource - will be used to match against everything - after the last ''/'' and before the first - ''?'' or ''#''.' 
- properties: - paths: - description: A collection of paths that - map requests to backends. - items: - description: HTTPIngressPath associates - a path with a backend. Incoming - urls matching the path are forwarded - to the backend. - properties: - backend: - description: Backend defines the - referenced service endpoint - to which the traffic will be - forwarded to. - properties: - resource: - description: Resource is an - ObjectRef to another Kubernetes - resource in the namespace - of the Ingress object. If - resource is specified, serviceName - and servicePort must not - be specified. - properties: - apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not specified, - the specified Kind must - be in the core API group. - For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the - type of resource being - referenced - type: string - name: - description: Name is the - name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the - name of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the - port of the referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against - the path of an incoming request. - Currently it can contain characters - disallowed from the conventional - "path" part of a URL as defined - by RFC 3986. Paths must begin - with a '/'. When unspecified, - all paths from incoming requests - are matched. - type: string - pathType: - description: 'PathType determines - the interpretation of the Path - matching. PathType can be one - of the following values: * Exact: - Matches the URL path exactly. - * Prefix: Matches based on a - URL path prefix split by ''/''. - Matching is done on a path - element by element basis. 
A - path element refers is the list - of labels in the path split - by the ''/'' separator. A request - is a match for path p if every - p is an element-wise prefix - of p of the request path. - Note that if the last element - of the path is a substring of - the last element in request - path, it is not a match (e.g. - /foo/bar matches /foo/bar/baz, - but does not match /foo/barbaz). - * ImplementationSpecific: Interpretation - of the Path matching is up to the - IngressClass. Implementations - can treat this as a separate - PathType or treat it identically - to Prefix or Exact path types. - Implementations are required - to support all path types. Defaults - to ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the - Ingress only supports a single TLS port, 443. - If multiple members of this list specify different - hosts, they will be multiplexed on the same - port according to the hostname specified through - the SNI TLS extension, if the ingress controller - fulfilling the ingress supports SNI. - items: - description: IngressTLS describes the transport - layer security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included - in the TLS certificate. The values in - this list must match the name/s used in - the tlsSecret. Defaults to the wildcard - host setting for the loadbalancer controller - fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the - secret used to terminate TLS traffic on - port 443. Field is left optional to allow - TLS routing based on SNI hostname alone. - If the SNI host in a listener conflicts - with the "Host" header field used by an - IngressRule, the SNI host is used for - termination and value of the Host header - is used for routing. 
- type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes - load balancer service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations - for the kubernetes service type load balancer - type: object - bootstrapPrefix: - description: BootstrapPrefix defines the prefix for - bootstrap advertised endpoint and will be added - as bootstrapPrefix.domain If not configured it will - be the cluster name of CR - minLength: 1 - type: string - brokerPrefix: - description: 'BrokerPrefix defines the prefix for - broker advertised endpoint and will be added as - brokerPrefix.domain If not configured, it will add - b as a prefix, like b#.domain where # will start - from 0 to replicas count' - minLength: 1 - type: string - domain: - description: Domain allows to configure domain name - for the cluster. - minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring - source range - items: - type: string - type: array - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on - service's port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed - names such as mycompany.com/my-custom-protocol. - Field can be enabled with ServiceAppProtocol - feature gate. - type: string - name: - description: The name of this port within the - service. 
This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which - this service is exposed when type=NodePort - or LoadBalancer. Usually assigned by the system. - If specified, it will be allocated to the - service if unused or else creation of the - service will fail. Default is to auto-allocate - a port if the ServiceType of this Service - requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. - Supports "TCP", "UDP", and "SCTP". Default - is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to - access on the pods targeted by the service. - Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. If this is a string, - it will be looked up as a named port in the - target Pod''s container ports. If this is - not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should - be omitted or set equal to the ''port'' field. 
- More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node - port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations - for the kubernetes service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port - offset to be used and will go in the increasing - order with respect to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on - service's port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed - names such as mycompany.com/my-custom-protocol. - Field can be enabled with ServiceAppProtocol - feature gate. - type: string - name: - description: The name of this port within the - service. This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which - this service is exposed when type=NodePort - or LoadBalancer. 
Usually assigned by the system. - If specified, it will be allocated to the - service if unused or else creation of the - service will fail. Default is to auto-allocate - a port if the ServiceType of this Service - requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. - Supports "TCP", "UDP", and "SCTP". Default - is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to - access on the pods targeted by the service. - Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. If this is a string, - it will be looked up as a named port in the - target Pod''s container ports. If this is - not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should - be omitted or set equal to the ''port'' field. 
- More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for - OpenShift Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations - for the OpenShift service type route - type: object - bootstrapPrefix: - description: BootstrapPrefix defines the prefix for - bootstrap advertised endpoint and will be added - as bootstrapPrefix.domain If not configured it will - be the cluster name of CR - minLength: 1 - type: string - brokerPrefix: - description: 'BrokerPrefix defines the prefix for - broker advertised endpoint and will be added as - brokerPrefix.domain If not configured, it will add - b as a prefix, like b#.domain where # will start - from 0 to replicas count' - minLength: 1 - type: string - domain: - description: Domain allows to configure domain name - for the cluster. - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. - It defaults to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - staticForHostBasedRouting: - description: StaticForHostBasedRouting allows to integrate - with external ingress controllers by doing host based - routing through SNI capability. With this schema, operator - configures kafka advertised listeners only and no kubernetes - external service will be created. 
- properties: - brokerPrefix: - description: 'BrokerPrefix defines the prefix for - broker advertised endpoint and will be added as - brokerPrefix.domain If not configured, it will add - b as a prefix, like b#.domain where # will start - from 0 to replicas count' - minLength: 1 - type: string - domain: - description: Domain allows to configure domain name - for the cluster. - minLength: 1 - type: string - port: - description: Port defines the port to be used in the - advertised listener for a broker - format: int32 - type: integer - required: - - domain - - port - type: object - staticForPortBasedRouting: - description: StaticForPortBasedRouting allows to enable - external access by port routing With this schema, operator - configures kafka advertised listeners only and no kubernetes - external service will be created. - properties: - host: - description: Host defines the host name to be used - in the advertised listener for a broker - minLength: 1 - type: string - portOffset: - description: PortOffset defines the portOffset to - be used and will go in the increasing order with - respect to the replicas count - format: int32 - type: integer - required: - - host - - portOffset - type: object - type: - description: Type defines supported kubernetes external - services - enum: - - loadBalancer - - nodePort - - route - - staticForPortBasedRouting - - staticForHostBasedRouting - type: string - required: - - type - type: object - name: - description: Name defines the name of the custom listener - internal/external/token can't be used as they are reserved - by the Operator - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - port: - description: Port will bind given port to the custom listener. - Port < 9093 is reserved by the Operator - format: int32 - minimum: 9093 - type: integer - tls: - description: ClientTLSConfig defines TLS configuration for - CP component (dependencies, listeners). 
- properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - required: - - name - - port - type: object - type: array - external: - description: KafkaExternalAccessListener is the kafka specific external - listener - properties: - authentication: - description: KafkaZkAuthentication defines authentication structure - for Kafka/ZK cluster. - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. 
- properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - principalMappingRules: - items: - type: string - type: array - type: - description: Type defines supported kafka authentication - types - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - externalAccess: - description: KafkaExternalAccess allows to configure external - access for Kafka cluster - properties: - ingress: - description: Ingress allows to create a ingress service - Not implemented yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user - wishes to exist. - properties: - backend: - description: A default backend capable of servicing - requests that don't match any rule. At least one - of 'backend' or 'rules' must be specified. This - field is optional to allow the loadbalancer controller - or defaulting logic to specify a global default. - properties: - resource: - description: Resource is an ObjectRef to another - Kubernetes resource in the namespace of the - Ingress object. If resource is specified, - serviceName and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the - resource being referenced. 
If APIGroup - is not specified, the specified Kind must - be in the core API group. For any other - third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced - service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced - service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the - IngressClass cluster resource. The associated - IngressClass defines which controller will implement - the resource. This replaces the deprecated `kubernetes.io/ingress.class` - annotation. For backwards compatibility, when - that annotation is set, it must be given precedence - over this field. The controller may emit a warning - if the field and annotation have different values. - Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource - may be marked as default, which can be used to - set a default value for this field. For more information, - refer to the IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure - the Ingress. If unspecified, or no rule matches, - all traffic is sent to the default backend. - items: - description: IngressRule represents the rules - mapping the paths under a specified host to - the related backend services. Incoming requests - are first evaluated for a host match, then routed - to the backend associated with the matching - IngressRuleValue. - properties: - host: - description: "Host is the fully qualified - domain name of a network host, as defined - by RFC 3986. 
Note the following deviations - from the \"host\" part of the URI as defined - in RFC 3986: 1. IPs are not allowed. Currently - an IngressRuleValue can only apply to the - IP in the Spec of the parent Ingress. 2. - The `:` delimiter is not respected because - ports are not allowed. \t Currently the - port of an Ingress is implicitly :80 for - http and \t :443 for https. Both these - may change in the future. Incoming requests - are matched against the host before the - IngressRuleValue. If the host is unspecified, - the Ingress routes all traffic based on - the specified IngressRuleValue. \n Host - can be \"precise\" which is a domain name - without the terminating dot of a network - host (e.g. \"foo.bar.com\") or \"wildcard\", - which is a domain name prefixed with a single - wildcard label (e.g. \"*.foo.com\"). The - wildcard character '*' must appear by itself - as the first DNS label and matches only - a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests - will be matched against the Host field in - the following way: 1. If Host is precise, - the request matches this rule if the http - host header is equal to Host. 2. If Host - is a wildcard, then the request matches - this rule if the http host header is to - equal to the suffix (removing the first - label) of the wildcard rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list - of http selectors pointing to backends. - In the example: http:///? - -> backend where where parts of the url - correspond to RFC 3986, this resource will - be used to match against everything after - the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that - map requests to backends. - items: - description: HTTPIngressPath associates - a path with a backend. Incoming urls - matching the path are forwarded to - the backend. 
- properties: - backend: - description: Backend defines the - referenced service endpoint to - which the traffic will be forwarded - to. - properties: - resource: - description: Resource is an - ObjectRef to another Kubernetes - resource in the namespace - of the Ingress object. If - resource is specified, serviceName - and servicePort must not be - specified. - properties: - apiGroup: - description: APIGroup is - the group for the resource - being referenced. If APIGroup - is not specified, the - specified Kind must be - in the core API group. - For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the - type of resource being - referenced - type: string - name: - description: Name is the - name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name - of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port - of the referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against - the path of an incoming request. - Currently it can contain characters - disallowed from the conventional - "path" part of a URL as defined - by RFC 3986. Paths must begin - with a '/'. When unspecified, - all paths from incoming requests - are matched. - type: string - pathType: - description: 'PathType determines - the interpretation of the Path - matching. PathType can be one - of the following values: * Exact: - Matches the URL path exactly. - * Prefix: Matches based on a URL - path prefix split by ''/''. Matching - is done on a path element by - element basis. A path element - refers is the list of labels - in the path split by the ''/'' - separator. A request is a match - for path p if every p is an element-wise - prefix of p of the request path. 
- Note that if the last element - of the path is a substring of - the last element in request path, - it is not a match (e.g. /foo/bar matches - /foo/bar/baz, but does not match - /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching - is up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix - or Exact path types. Implementations - are required to support all path - types. Defaults to ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the Ingress - only supports a single TLS port, 443. If multiple - members of this list specify different hosts, - they will be multiplexed on the same port according - to the hostname specified through the SNI TLS - extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport - layer security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included - in the TLS certificate. The values in this - list must match the name/s used in the tlsSecret. - Defaults to the wildcard host setting for - the loadbalancer controller fulfilling this - Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the - secret used to terminate TLS traffic on - port 443. Field is left optional to allow - TLS routing based on SNI hostname alone. - If the SNI host in a listener conflicts - with the "Host" header field used by an - IngressRule, the SNI host is used for termination - and value of the Host header is used for - routing. 
- type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes - load balancer service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type load balancer - type: object - bootstrapPrefix: - description: BootstrapPrefix defines the prefix for - bootstrap advertised endpoint and will be added as - bootstrapPrefix.domain If not configured it will be - the cluster name of CR - minLength: 1 - type: string - brokerPrefix: - description: 'BrokerPrefix defines the prefix for broker - advertised endpoint and will be added as brokerPrefix.domain - If not configured, it will add b as a prefix, like - b#.domain where # will start from 0 to replicas count' - minLength: 1 - type: string - domain: - description: Domain allows to configure domain name - for the cluster. - minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring - source range - items: - type: string - type: array - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. Field - can be enabled with ServiceAppProtocol feature - gate. - type: string - name: - description: The name of this port within the - service. 
This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. - Usually assigned by the system. If specified, - it will be allocated to the service if unused - or else creation of the service will fail. Default - is to auto-allocate a port if the ServiceType - of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number - must be in the range 1 to 65535. Name must be - an IANA_SVC_NAME. If this is a string, it will - be looked up as a named port in the target Pod''s - container ports. If this is not specified, the - value of the ''port'' field is used (an identity - map). This field is ignored for services with - clusterIP=None, and should be omitted or set - equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node - port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port - offset to be used and will go in the increasing order - with respect to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. Field - can be enabled with ServiceAppProtocol feature - gate. - type: string - name: - description: The name of this port within the - service. This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. 
- Usually assigned by the system. If specified, - it will be allocated to the service if unused - or else creation of the service will fail. Default - is to auto-allocate a port if the ServiceType - of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number - must be in the range 1 to 65535. Name must be - an IANA_SVC_NAME. If this is a string, it will - be looked up as a named port in the target Pod''s - container ports. If this is not specified, the - value of the ''port'' field is used (an identity - map). This field is ignored for services with - clusterIP=None, and should be omitted or set - equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for - OpenShift Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the OpenShift service type route - type: object - bootstrapPrefix: - description: BootstrapPrefix defines the prefix for - bootstrap advertised endpoint and will be added as - bootstrapPrefix.domain If not configured it will be - the cluster name of CR - minLength: 1 - type: string - brokerPrefix: - description: 'BrokerPrefix defines the prefix for broker - advertised endpoint and will be added as brokerPrefix.domain - If not configured, it will add b as a prefix, like - b#.domain where # will start from 0 to replicas count' - minLength: 1 - type: string - domain: - description: Domain allows to configure domain name - for the cluster. - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. - It defaults to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - staticForHostBasedRouting: - description: StaticForHostBasedRouting allows to integrate - with external ingress controllers by doing host based - routing through SNI capability. With this schema, operator - configures kafka advertised listeners only and no kubernetes - external service will be created. 
- properties: - brokerPrefix: - description: 'BrokerPrefix defines the prefix for broker - advertised endpoint and will be added as brokerPrefix.domain - If not configured, it will add b as a prefix, like - b#.domain where # will start from 0 to replicas count' - minLength: 1 - type: string - domain: - description: Domain allows to configure domain name - for the cluster. - minLength: 1 - type: string - port: - description: Port defines the port to be used in the - advertised listener for a broker - format: int32 - type: integer - required: - - domain - - port - type: object - staticForPortBasedRouting: - description: StaticForPortBasedRouting allows to enable - external access by port routing With this schema, operator - configures kafka advertised listeners only and no kubernetes - external service will be created. - properties: - host: - description: Host defines the host name to be used in - the advertised listener for a broker - minLength: 1 - type: string - portOffset: - description: PortOffset defines the portOffset to be - used and will go in the increasing order with respect - to the replicas count - format: int32 - type: integer - required: - - host - - portOffset - type: object - type: - description: Type defines supported kubernetes external - services - enum: - - loadBalancer - - nodePort - - route - - staticForPortBasedRouting - - staticForHostBasedRouting - type: string - required: - - type - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - internal: - description: Listener is the base fields for component listener - configuration - properties: - authentication: - description: KafkaZkAuthentication defines authentication structure - for Kafka/ZK cluster. - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - principalMappingRules: - items: - type: string - type: array - type: - description: Type defines supported kafka authentication - types - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - type: object - 
metricReporter: - description: MetricsReporter defines the metric reporter configuration - which will be enabled by default, and piggyback internal listener's - authentication and TLS if it is not set - properties: - authentication: - description: KafkaClientAuthentication defines the authentication - structure for all dependent CP Component for Kafka Cluster. - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - type: string - enabled: - type: boolean - replicationFactor: - format: int32 - type: integer - tls: - description: ClientTLSConfig defines TLS configuration for CP component - (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - required: - - enabled - type: object - metrics: - description: Metrics specifies the security settings for metric services - properties: - authentication: - description: Metrics security authentication - properties: - type: - enum: - - mtls - type: string - required: - - type - type: object - prometheus: - description: Override for jmx-prometheus exporter configs - properties: - blacklist: - items: - type: string - type: array - rules: - items: - description: Prometheus exporter rule override - properties: - attrNameSnakeCase: - minLength: 1 - type: string - cache: - minLength: 1 - type: string - help: - minLength: 1 - type: string - labels: - additionalProperties: - type: string - type: object - name: - minLength: 1 - type: string - pattern: - minLength: 1 - type: string - type: - minLength: 1 - type: string - value: - minLength: 1 - type: string - valueFactor: - 
minLength: 1 - type: string - type: object - type: array - whitelist: - items: - type: string - type: array - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP component - (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mountedSecrets: - description: MountedSecrets defines list of secrets reference injected - to the the underlying statefulset configuration. The secret reference - is mounted secret mounted in default path /mnt/secrets/. 
- The underlying resources will follow the secret as a file configuration - as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod - Change will roll the cluster - items: - description: MountedSecrets allows provides a way to inject custom - secret to underlying statefulset. - properties: - keyItems: - description: keyItems is list of key and path names - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, the volume - defaultMode will be used. This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the key - to. May not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - secretRef: - description: SecretRef defines the secret name referenced - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - type: array - oneReplicaPerNode: - description: OneReplicaPerNode enforces to run 1 pod per node through - pod anti-affinity capability. Enabling this configuration in existing - cluster will roll. Change will roll the cluster - type: boolean - podTemplate: - description: PodTemplate defines some statefulset pod template configuration - properties: - affinity: - description: 'Affinity is a group of affinity scheduling rules. - More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - matches the corresponding matchExpressions; the node(s) - with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. 
- The TopologySelectorTerm type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. 
- type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. 
due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are - intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. 
- type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the - sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. 
- type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met at - some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - description: 'Annotations defines an unstructured key value map - stored with a resource that may be set by external tools to store - and retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - envVars: - description: 'EnvVars defines the collection of EnvVar to inject - into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. 
- type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - labels: - additionalProperties: - type: string - description: 'Labels defines map of string keys and values that - can be used to organize and categorize (scope and select) objects. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - podSecurityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in - container.securityContext. 
Field values of container.securityContext - take precedence over field values of PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit - is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions - of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will - have no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for - that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to - start the container if it does. If unset or false, no such - validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. 
Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. 
If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - priorityClassName: - description: PriorityClassName defines priority class for the pod - (if any). - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - probe: - description: Probe defines some fields of standard kubernetes readiness/liveness - probe configuration. - properties: - liveness: - description: Liveness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. 
- CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - readiness: - description: Readiness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - type: object - resources: - description: ResourceRequirements describes the compute resource - requirements. 
- properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - terminationGracePeriodSeconds: - description: TerminationGracePeriodSeconds defines grace period - for pod deletion - format: int64 - type: integer - tolerations: - description: Tolerations defines The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator . - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using the - matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. 
- type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do - not evict). Zero and negative values will be treated as - 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - rackAssignment: - description: RackAssignment defines the rack awareness capability for - kafka - properties: - availabilityZoneCount: - description: AvailabilityZoneCount if configured will configure - broker.rack with formula (pod_id % azCount) this is mainly for - backwards compatibility with Operator 1.0 - format: int32 - type: integer - nodeLabels: - description: NodeLabels if configured uses the kubernetes node APIs - to to retrieve the value to be used in the broker.rack. This feature - requires Confluent Operaotr to run in cluster-level access - items: - type: string - minItems: 1 - type: array - type: object - replicas: - description: Replicas is the desired number of replicas of the given - Template. 
Change will roll the cluster - format: int32 - type: integer - services: - description: KafkaServices defines services supported part of kafka - properties: - kafkaRest: - description: RestApiServer embedded rest api server - properties: - externalAccess: - description: CPExternalAccess holds all external access policies - for non-kafka components - properties: - ingress: - description: Ingress allows to create a ingress service - Not implemented yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user - wishes to exist. - properties: - backend: - description: A default backend capable of servicing - requests that don't match any rule. At least one - of 'backend' or 'rules' must be specified. This - field is optional to allow the loadbalancer controller - or defaulting logic to specify a global default. - properties: - resource: - description: Resource is an ObjectRef to another - Kubernetes resource in the namespace of the - Ingress object. If resource is specified, - serviceName and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the - resource being referenced. If APIGroup - is not specified, the specified Kind must - be in the core API group. For any other - third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced - service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced - service. 
- x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the - IngressClass cluster resource. The associated - IngressClass defines which controller will implement - the resource. This replaces the deprecated `kubernetes.io/ingress.class` - annotation. For backwards compatibility, when - that annotation is set, it must be given precedence - over this field. The controller may emit a warning - if the field and annotation have different values. - Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource - may be marked as default, which can be used to - set a default value for this field. For more information, - refer to the IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure - the Ingress. If unspecified, or no rule matches, - all traffic is sent to the default backend. - items: - description: IngressRule represents the rules - mapping the paths under a specified host to - the related backend services. Incoming requests - are first evaluated for a host match, then routed - to the backend associated with the matching - IngressRuleValue. - properties: - host: - description: "Host is the fully qualified - domain name of a network host, as defined - by RFC 3986. Note the following deviations - from the \"host\" part of the URI as defined - in RFC 3986: 1. IPs are not allowed. Currently - an IngressRuleValue can only apply to the - IP in the Spec of the parent Ingress. 2. - The `:` delimiter is not respected because - ports are not allowed. \t Currently the - port of an Ingress is implicitly :80 for - http and \t :443 for https. Both these - may change in the future. Incoming requests - are matched against the host before the - IngressRuleValue. If the host is unspecified, - the Ingress routes all traffic based on - the specified IngressRuleValue. 
\n Host - can be \"precise\" which is a domain name - without the terminating dot of a network - host (e.g. \"foo.bar.com\") or \"wildcard\", - which is a domain name prefixed with a single - wildcard label (e.g. \"*.foo.com\"). The - wildcard character '*' must appear by itself - as the first DNS label and matches only - a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests - will be matched against the Host field in - the following way: 1. If Host is precise, - the request matches this rule if the http - host header is equal to Host. 2. If Host - is a wildcard, then the request matches - this rule if the http host header is to - equal to the suffix (removing the first - label) of the wildcard rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list - of http selectors pointing to backends. - In the example: http:///? - -> backend where where parts of the url - correspond to RFC 3986, this resource will - be used to match against everything after - the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that - map requests to backends. - items: - description: HTTPIngressPath associates - a path with a backend. Incoming urls - matching the path are forwarded to - the backend. - properties: - backend: - description: Backend defines the - referenced service endpoint to - which the traffic will be forwarded - to. - properties: - resource: - description: Resource is an - ObjectRef to another Kubernetes - resource in the namespace - of the Ingress object. If - resource is specified, serviceName - and servicePort must not be - specified. - properties: - apiGroup: - description: APIGroup is - the group for the resource - being referenced. If APIGroup - is not specified, the - specified Kind must be - in the core API group. - For any other third-party - types, APIGroup is required. 
- type: string - kind: - description: Kind is the - type of resource being - referenced - type: string - name: - description: Name is the - name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name - of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port - of the referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against - the path of an incoming request. - Currently it can contain characters - disallowed from the conventional - "path" part of a URL as defined - by RFC 3986. Paths must begin - with a '/'. When unspecified, - all paths from incoming requests - are matched. - type: string - pathType: - description: 'PathType determines - the interpretation of the Path - matching. PathType can be one - of the following values: * Exact: - Matches the URL path exactly. - * Prefix: Matches based on a URL - path prefix split by ''/''. Matching - is done on a path element by - element basis. A path element - refers is the list of labels - in the path split by the ''/'' - separator. A request is a match - for path p if every p is an element-wise - prefix of p of the request path. - Note that if the last element - of the path is a substring of - the last element in request path, - it is not a match (e.g. /foo/bar matches - /foo/bar/baz, but does not match - /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching - is up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix - or Exact path types. Implementations - are required to support all path - types. Defaults to ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. 
Currently the Ingress - only supports a single TLS port, 443. If multiple - members of this list specify different hosts, - they will be multiplexed on the same port according - to the hostname specified through the SNI TLS - extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport - layer security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included - in the TLS certificate. The values in this - list must match the name/s used in the tlsSecret. - Defaults to the wildcard host setting for - the loadbalancer controller fulfilling this - Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the - secret used to terminate TLS traffic on - port 443. Field is left optional to allow - TLS routing based on SNI hostname alone. - If the SNI host in a listener conflicts - with the "Host" header field used by an - IngressRule, the SNI host is used for termination - and value of the Host header is used for - routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes - load balancer service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type load balancer - type: object - domain: - description: Domain allows to configure domain name - for the cluster. 
- minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring - source range - items: - type: string - type: array - port: - description: Port allows to configure external port - for client consumption If not configured, same internal/external - port will be configured per component Information - about the port can be retrieved through status API - format: int32 - type: integer - prefix: - description: Prefix will add prefix when configured - for the given domain If prefix is not configured, - the name of the cluster will be used as a default - value - minLength: 1 - type: string - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. Field - can be enabled with ServiceAppProtocol feature - gate. - type: string - name: - description: The name of this port within the - service. This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. - Usually assigned by the system. 
If specified, - it will be allocated to the service if unused - or else creation of the service will fail. Default - is to auto-allocate a port if the ServiceType - of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number - must be in the range 1 to 65535. Name must be - an IANA_SVC_NAME. If this is a string, it will - be looked up as a named port in the target Pod''s - container ports. If this is not specified, the - value of the ''port'' field is used (an identity - map). This field is ignored for services with - clusterIP=None, and should be omitted or set - equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node - port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port - offset to be used and will go in the increasing order - with respect to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. Field - can be enabled with ServiceAppProtocol feature - gate. - type: string - name: - description: The name of this port within the - service. This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. 
- Usually assigned by the system. If specified, - it will be allocated to the service if unused - or else creation of the service will fail. Default - is to auto-allocate a port if the ServiceType - of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number - must be in the range 1 to 65535. Name must be - an IANA_SVC_NAME. If this is a string, it will - be looked up as a named port in the target Pod''s - container ports. If this is not specified, the - value of the ''port'' field is used (an identity - map). This field is ignored for services with - clusterIP=None, and should be omitted or set - equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for - OpenShift Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the OpenShift service type route - type: object - domain: - description: Domain allows to configure domain name - for the cluster. 
- minLength: 1 - type: string - prefix: - description: Prefix will add prefix when configured - for the given domain If prefix is not configured, - the name of the cluster will be used as a default - value - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. - It defaults to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - type: - description: Type defines supported kubernetes external - services - enum: - - loadBalancer - - nodePort - - route - minLength: 1 - type: string - required: - - type - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: 
string - required: - - enabled - type: object - type: object - mds: - description: MetaDataServer - properties: - authentication: - description: MDSAuthentication supported MDS server configuration - properties: - type: - enum: - - bearer - type: string - required: - - type - type: object - externalAccess: - description: CPExternalAccess holds all external access policies - for non-kafka components - properties: - ingress: - description: Ingress allows to create a ingress service - Not implemented yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user - wishes to exist. - properties: - backend: - description: A default backend capable of servicing - requests that don't match any rule. At least one - of 'backend' or 'rules' must be specified. This - field is optional to allow the loadbalancer controller - or defaulting logic to specify a global default. - properties: - resource: - description: Resource is an ObjectRef to another - Kubernetes resource in the namespace of the - Ingress object. If resource is specified, - serviceName and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the - resource being referenced. If APIGroup - is not specified, the specified Kind must - be in the core API group. For any other - third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced - service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced - service. 
- x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the - IngressClass cluster resource. The associated - IngressClass defines which controller will implement - the resource. This replaces the deprecated `kubernetes.io/ingress.class` - annotation. For backwards compatibility, when - that annotation is set, it must be given precedence - over this field. The controller may emit a warning - if the field and annotation have different values. - Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource - may be marked as default, which can be used to - set a default value for this field. For more information, - refer to the IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure - the Ingress. If unspecified, or no rule matches, - all traffic is sent to the default backend. - items: - description: IngressRule represents the rules - mapping the paths under a specified host to - the related backend services. Incoming requests - are first evaluated for a host match, then routed - to the backend associated with the matching - IngressRuleValue. - properties: - host: - description: "Host is the fully qualified - domain name of a network host, as defined - by RFC 3986. Note the following deviations - from the \"host\" part of the URI as defined - in RFC 3986: 1. IPs are not allowed. Currently - an IngressRuleValue can only apply to the - IP in the Spec of the parent Ingress. 2. - The `:` delimiter is not respected because - ports are not allowed. \t Currently the - port of an Ingress is implicitly :80 for - http and \t :443 for https. Both these - may change in the future. Incoming requests - are matched against the host before the - IngressRuleValue. If the host is unspecified, - the Ingress routes all traffic based on - the specified IngressRuleValue. 
\n Host - can be \"precise\" which is a domain name - without the terminating dot of a network - host (e.g. \"foo.bar.com\") or \"wildcard\", - which is a domain name prefixed with a single - wildcard label (e.g. \"*.foo.com\"). The - wildcard character '*' must appear by itself - as the first DNS label and matches only - a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests - will be matched against the Host field in - the following way: 1. If Host is precise, - the request matches this rule if the http - host header is equal to Host. 2. If Host - is a wildcard, then the request matches - this rule if the http host header is to - equal to the suffix (removing the first - label) of the wildcard rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list - of http selectors pointing to backends. - In the example: http:///? - -> backend where where parts of the url - correspond to RFC 3986, this resource will - be used to match against everything after - the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that - map requests to backends. - items: - description: HTTPIngressPath associates - a path with a backend. Incoming urls - matching the path are forwarded to - the backend. - properties: - backend: - description: Backend defines the - referenced service endpoint to - which the traffic will be forwarded - to. - properties: - resource: - description: Resource is an - ObjectRef to another Kubernetes - resource in the namespace - of the Ingress object. If - resource is specified, serviceName - and servicePort must not be - specified. - properties: - apiGroup: - description: APIGroup is - the group for the resource - being referenced. If APIGroup - is not specified, the - specified Kind must be - in the core API group. - For any other third-party - types, APIGroup is required. 
- type: string - kind: - description: Kind is the - type of resource being - referenced - type: string - name: - description: Name is the - name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name - of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port - of the referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against - the path of an incoming request. - Currently it can contain characters - disallowed from the conventional - "path" part of a URL as defined - by RFC 3986. Paths must begin - with a '/'. When unspecified, - all paths from incoming requests - are matched. - type: string - pathType: - description: 'PathType determines - the interpretation of the Path - matching. PathType can be one - of the following values: * Exact: - Matches the URL path exactly. - * Prefix: Matches based on a URL - path prefix split by ''/''. Matching - is done on a path element by - element basis. A path element - refers is the list of labels - in the path split by the ''/'' - separator. A request is a match - for path p if every p is an element-wise - prefix of p of the request path. - Note that if the last element - of the path is a substring of - the last element in request path, - it is not a match (e.g. /foo/bar matches - /foo/bar/baz, but does not match - /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching - is up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix - or Exact path types. Implementations - are required to support all path - types. Defaults to ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. 
Currently the Ingress - only supports a single TLS port, 443. If multiple - members of this list specify different hosts, - they will be multiplexed on the same port according - to the hostname specified through the SNI TLS - extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport - layer security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included - in the TLS certificate. The values in this - list must match the name/s used in the tlsSecret. - Defaults to the wildcard host setting for - the loadbalancer controller fulfilling this - Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the - secret used to terminate TLS traffic on - port 443. Field is left optional to allow - TLS routing based on SNI hostname alone. - If the SNI host in a listener conflicts - with the "Host" header field used by an - IngressRule, the SNI host is used for termination - and value of the Host header is used for - routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes - load balancer service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type load balancer - type: object - domain: - description: Domain allows to configure domain name - for the cluster. 
- minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring - source range - items: - type: string - type: array - port: - description: Port allows to configure external port - for client consumption If not configured, same internal/external - port will be configured per component Information - about the port can be retrieved through status API - format: int32 - type: integer - prefix: - description: Prefix will add prefix when configured - for the given domain If prefix is not configured, - the name of the cluster will be used as a default - value - minLength: 1 - type: string - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. Field - can be enabled with ServiceAppProtocol feature - gate. - type: string - name: - description: The name of this port within the - service. This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. - Usually assigned by the system. 
If specified, - it will be allocated to the service if unused - or else creation of the service will fail. Default - is to auto-allocate a port if the ServiceType - of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number - must be in the range 1 to 65535. Name must be - an IANA_SVC_NAME. If this is a string, it will - be looked up as a named port in the target Pod''s - container ports. If this is not specified, the - value of the ''port'' field is used (an identity - map). This field is ignored for services with - clusterIP=None, and should be omitted or set - equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node - port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port - offset to be used and will go in the increasing order - with respect to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. Field - can be enabled with ServiceAppProtocol feature - gate. - type: string - name: - description: The name of this port within the - service. This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. 
- Usually assigned by the system. If specified, - it will be allocated to the service if unused - or else creation of the service will fail. Default - is to auto-allocate a port if the ServiceType - of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number - must be in the range 1 to 65535. Name must be - an IANA_SVC_NAME. If this is a string, it will - be looked up as a named port in the target Pod''s - container ports. If this is not specified, the - value of the ''port'' field is used (an identity - map). This field is ignored for services with - clusterIP=None, and should be omitted or set - equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for - OpenShift Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the OpenShift service type route - type: object - domain: - description: Domain allows to configure domain name - for the cluster. 
- minLength: 1 - type: string - prefix: - description: Prefix will add prefix when configured - for the given domain If prefix is not configured, - the name of the cluster will be used as a default - value - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. - It defaults to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - type: - description: Type defines supported kubernetes external - services - enum: - - loadBalancer - - nodePort - - route - minLength: 1 - type: string - required: - - type - type: object - provider: - properties: - ldap: - description: LdapService LDAP configuration for RBAC - properties: - address: - type: string - authentication: - description: LdapAuthentication supported ldap configuration - for RBAC - properties: - simple: - description: LdapSimpleAuthentication load credential - either for secret or directory path in container - for RBAC - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - simple - - mtls - type: string - required: - - type - type: object - configurations: - description: LdapSettings ldap configurations for CP - RBAC. 
Anything missing can be passed through configOverride - capability - properties: - groupMemberAttribute: - minLength: 1 - type: string - groupMemberAttributePattern: - minLength: 1 - type: string - groupNameAttribute: - minLength: 1 - type: string - groupObjectClass: - minLength: 1 - type: string - groupSearchBase: - minLength: 1 - type: string - groupSearchFilter: - minLength: 1 - type: string - groupSearchScope: - format: int32 - type: integer - userMemberOfAttributePattern: - minLength: 1 - type: string - userNameAttribute: - minLength: 1 - type: string - userObjectClass: - minLength: 1 - type: string - userSearchBase: - minLength: 1 - type: string - userSearchFilter: - minLength: 1 - type: string - userSearchScope: - format: int32 - type: integer - type: object - tls: - description: ClientTLSConfig defines TLS configuration - for CP component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the - directory path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration - for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure - ignores the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name - referenced for jks password - properties: - secretRef: - description: SecretRef defines the secret name - referenced for jks password More information - about jks password key/value format can be - found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - required: - - address - - authentication - - configurations - type: object - type: - enum: - - ldap - type: string - required: - - ldap - - type - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - tokenKeyPair: - description: MDSTokenKeyPair load either through secretRef or - directory path - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - provider - - tokenKeyPair - type: object - type: object - storageClass: - description: StorageClass defines the user provided storage class. If - not configured, it will use default storage class. 
- properties: - name: - description: Name defines name is the storage class reference name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - telemetry: - description: ConfluentTelemetry defines the confluent telemetry reporter - configuration - properties: - global: - description: Global will allow disabling telemetry configuration. - If Operator is deployed with telemetry, this field is only is - used to disabled. By default the value is true if telemetry is - enabled in global level. - type: boolean - type: object - tls: - description: TLS defines the global level TLS configuration which can - be used by listeners and services if they all want to share same certificate. - properties: - autoGeneratedCerts: - description: AutoGenerated if configures generates the certificates - based on the CA key pair provided. - type: boolean - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where keystore/truststore.jks/jksPassword.txt keys - are mounted. 
CP will not configure truststore.jks can be ignored - with IgnoreTrustStoreConfig field - minLength: 1 - type: string - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the truststore - configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced for - jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced for - jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for certificates - More information about certificates key/value format can be found - in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - dataVolumeCapacity - - image - - replicas - type: object - status: - description: KafkaStatus defines the observed state of KafkaServer - properties: - authorizationType: - type: string - brokerIdOffset: - format: int32 - type: integer - clusterName: - description: ClusterName defines the name of the cluster - type: string - clusterNamespace: - description: ClusterNamespace provides the namespace where cluster is - running - type: string - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. - properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. 
- format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - currentReplicas: - description: CurrentReplicas defines current running replicas - format: int32 - type: integer - externalClient: - type: string - internalSecrets: - description: InternalSecrets defines the list of internal secrets created - by Operator for each CP component. - items: - type: string - type: array - internalTopicNames: - description: InternalTopicNames is a list of topics used by the component - for internal use - items: - type: string - type: array - listeners: - additionalProperties: - properties: - advertisedExternalEndpoints: - description: AdvertisedExternalEndpoints defines other advertised - endpoints, especially use for kafka - items: - type: string - type: array - authenticationType: - description: AuthenticationType defines authentication type configured - by a listener - type: string - client: - type: string - externalEndpoint: - description: ExternalEndpoint defines the external endpoint to - connect to the service - type: string - internalEndpoint: - description: InternalEndpoint defines the internal endpoint to - connect to the service - type: string - tls: - description: TLS defines whether tls is configured by a listener - type: boolean - type: object - type: object - minISR: - format: int32 - type: integer - operatorVersion: - description: OperatorVersion defines the internal version of operator - type: string - phase: - description: Phase defines the state of the CP component - type: string - readyReplicas: - description: ReadyReplicas defines current ready 
replicas - format: int32 - type: integer - replicas: - description: Replicas defines replicas - format: int32 - type: integer - replicationFactor: - format: int32 - type: integer - services: - additionalProperties: - description: ListenerStatus describes general information about a - listeners - properties: - advertisedExternalEndpoints: - description: AdvertisedExternalEndpoints defines other advertised - endpoints, especially use for kafka - items: - type: string - type: array - authenticationType: - description: AuthenticationType defines authentication type configured - by a listener - type: string - externalEndpoint: - description: ExternalEndpoint defines the external endpoint to - connect to the service - type: string - internalEndpoint: - description: InternalEndpoint defines the internal endpoint to - connect to the service - type: string - tls: - description: TLS defines whether tls is configured by a listener - type: boolean - type: object - type: object - zookeeperConnect: - type: string - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_kafkatopics.yaml b/kustomize/base/operator/crds/platform.confluent.io_kafkatopics.yaml deleted file mode 100644 index e6afabd..0000000 --- a/kustomize/base/operator/crds/platform.confluent.io_kafkatopics.yaml +++ /dev/null 
@@ -1,287 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: kafkatopics.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.replicas - name: Replicas - type: string - - JSONPath: .status.partitionCount - name: Partition - type: string - - JSONPath: .status.state - name: Status - type: string - - JSONPath: .status.kafkaClusterId - name: ClusterId - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: KafkaTopic - listKind: KafkaTopicList - plural: kafkatopics - shortNames: - - kt - - topic - singular: kafkatopic - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: KafkaTopic is the Schema for the kafkatopics API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaTopicSpec defines the desired state of KafkaTopic - properties: - configs: - additionalProperties: - type: string - description: Configs allows passing configs for topic More information - about topic configs is available here https://docs.confluent.io/current/installation/configuration/topic-configs.html - type: object - kafkaClusterRef: - description: KafkaClusterRef defines the name of the kafka cluster - properties: - name: - description: Name defines name of the Kafka cluster - minLength: 1 - type: string - namespace: - description: Namespace defines namespace where kafka cluster is - running - minLength: 1 - type: string - required: - - name - type: object - kafkaRest: - description: KafkaRestRef defines the Kafka Rest API configuration - properties: - authentication: - description: Authentication defines authentication of Kafka Rest - API - properties: - basic: - description: BasicAuthentication defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic - credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on - the server side only. Changes will be only reflected in - ControlCenter (C3). This configuration is ignored on the - client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on - the server side only. 
This configuration is ignored on - the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - bearer: - description: BearerAuthentication used by MDS clients - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - basic - - bearer - type: string - required: - - type - type: object - endpoint: - description: Endpoint defines where confluent Kafka Rest API is - running - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: TLSDependencyConfig defines the client side tls configuration - to connect to Kafka Rest API - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - kafkaRestClassRef: - description: KafkaRestClassRef defines the reference for KafkaRestClass - which defines Kafka Rest API - properties: - name: - description: Name defines the name of KafkaRestClass - minLength: 1 - type: string - namespace: - description: Namespace defines the namespace of the KafkaRestClass - type: string - required: - - name - type: object - name: - description: Name defines the topic name. If not configured uses the - CR name as topic name. 
- maxLength: 255 - minLength: 1 - pattern: ^[a-zA-Z0-9\._\-]*$ - type: string - partitionCount: - description: PartitionCount defines the partition count - format: int32 - minimum: 1 - type: integer - replicas: - description: Replicas defines the replication factor for a topic - format: int32 - minimum: 1 - type: integer - type: object - status: - description: KafkaTopicStatus defines the observed state of KafkaTopic - properties: - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. - properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - kafkaClusterId: - type: string - kafkaRestEndpoint: - type: string - partitionCount: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_ksqldbs.yaml b/kustomize/base/operator/crds/platform.confluent.io_ksqldbs.yaml deleted file mode 100644 index 5f99859..0000000 
--- a/kustomize/base/operator/crds/platform.confluent.io_ksqldbs.yaml
+++ /dev/null
@@ -1,2719 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: ksqldbs.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.replicas - name: Replicas - type: string - - JSONPath: .status.readyReplicas - name: Ready - type: string - - JSONPath: .status.phase - name: Status - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - - JSONPath: .status.kafka.bootstrapEndpoint - name: Kafka - priority: 1 - type: string - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: KsqlDB - listKind: KsqlDBList - plural: ksqldbs - shortNames: - - ksqldb - - ksql - singular: ksqldb - preserveUnknownFields: false - scope: Namespaced - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - validation: - openAPIV3Schema: - description: KsqlDB is the Schema for the ksql API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaSpec defines the desired state of CP component, Kafka - Server - properties: - authentication: - description: Authentication specifies whether auth is needed when accessing - the ksqlDB rest server. - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic credential - through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on the - server side only. Changes will be only reflected in ControlCenter - (C3). This configuration is ignored on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on the - server side only. This configuration is ignored on the client - side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme for Rest - Server - enum: - - basic - - mtls - type: string - required: - - type - type: object - authorization: - description: Authorization configuration defines RBAC configuration - properties: - kafkaRestClassRef: - description: KafkaRestClassRef defines the reference for KafkaRestClass - which defines Kafka Rest API - properties: - name: - description: Name defines the name of KafkaRestClass - minLength: 1 - type: string - namespace: - description: Namespace defines the namespace of the KafkaRestClass - type: string - required: - - name - type: object - type: - enum: - - rbac - type: string - required: - - type - type: object - configOverrides: - 
description: ConfigurationOverrides defines capability to override server/jvm/log4j - properties for each Confluent platform component. Change will roll - the cluster - properties: - jvm: - description: JVM defines a list of jvm configuration supported by - application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported by - application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - dataVolumeCapacity: - anyOf: - - type: integer - - type: string - description: Data volume - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - dependencies: - description: Dependencies defines dependencies Kafka, interceptor, schemaregistry, - mds dependencies - properties: - interceptor: - description: InterceptorDependency defines interceptor settings - for CP component - properties: - configs: - description: Configs defines configs for the CP interceptor - Config override feature can be used to pass config - items: - type: string - type: array - consumer: - description: Consumer defines the consumer configuration for - interceptor. If not configured it will use the kafka dependency - configuration - properties: - authentication: - description: Authentication defines the authentication for - the kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's - JaaS configuration. 
- properties: - secretRef: - description: SecretRef defines secret reference - to pass required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete - JaaS configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap - endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability - to discover kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is - running Uses the same namespace where Operator is - running if not configured - type: string - secretRef: - description: SecretRef defines the name of the secret - reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side - TLS setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - enabled: - description: Enabled defines to enable the CP interceptor configuration - type: boolean - producer: - description: Producer defines the producer configuration for - interceptor. If not configured it will use the kafka dependency - configuration - properties: - authentication: - description: Authentication defines the authentication for - the kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's - JaaS configuration. - properties: - secretRef: - description: SecretRef defines secret reference - to pass required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete - JaaS configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap - endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability - to discover kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is - running Uses the same namespace where Operator is - running if not configured - type: string - secretRef: - description: SecretRef defines the name of the secret - reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side - TLS setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - publishMs: - type: integer - required: - - enabled - type: object - kafka: - description: KafkaClientDependency allows configuring CP component - dependency to configure kafka settings - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mds: - description: MDSDependencies defines MDS configure when CP RBAC - is enabled - properties: - authentication: - description: Authentication defines MDS authentication configuration - properties: - bearer: - description: BearerAuthentication defines bearer authentication - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines the authentication type support - for MDS - enum: - - bearer - type: string - required: - - bearer - - type - type: object - endpoint: - description: Endpoint defines the mds endpoint - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: ClientTLSConfig defines TLS configuration for CP - 
component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - tokenKeyPair: - description: TokenKeyPair defines the token keypair to configure - MDS - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - authentication - - endpoint - - tokenKeyPair - type: object - schemaRegistry: - description: SchemaRegistryClientDependency allows configuring CP - component dependency to configure schemaRegistry settings - properties: - authentication: - description: Authentication defines the authentication for the - 
schemaregistry cluster - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass - basic credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles - on the server side only. Changes will be only reflected - in ControlCenter (C3). This configuration is ignored - on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration - on the server side only. This configuration is ignored - on the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme - for Rest client - enum: - - basic - - mtls - type: string - required: - - type - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for schemaregistry cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - url: - description: URL defines the URL endpoint - minLength: 1 - pattern: ^https?://.* - type: string - required: - - url - type: object - type: object - externalAccess: - description: Provides configuring endpoints and services to make ksqlDB - accessible from outside the cluster - properties: - ingress: - description: Ingress allows to create a ingress service Not implemented - yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user wishes - to exist. - properties: - backend: - description: A default backend capable of servicing requests - that don't match any rule. At least one of 'backend' or - 'rules' must be specified. 
This field is optional to allow - the loadbalancer controller or defaulting logic to specify - a global default. - properties: - resource: - description: Resource is an ObjectRef to another Kubernetes - resource in the namespace of the Ingress object. If - resource is specified, serviceName and servicePort - must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the IngressClass - cluster resource. The associated IngressClass defines - which controller will implement the resource. This replaces - the deprecated `kubernetes.io/ingress.class` annotation. - For backwards compatibility, when that annotation is set, - it must be given precedence over this field. The controller - may emit a warning if the field and annotation have different - values. Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource may - be marked as default, which can be used to set a default - value for this field. For more information, refer to the - IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure the - Ingress. If unspecified, or no rule matches, all traffic - is sent to the default backend. 
- items: - description: IngressRule represents the rules mapping - the paths under a specified host to the related backend - services. Incoming requests are first evaluated for - a host match, then routed to the backend associated - with the matching IngressRuleValue. - properties: - host: - description: "Host is the fully qualified domain name - of a network host, as defined by RFC 3986. Note - the following deviations from the \"host\" part - of the URI as defined in RFC 3986: 1. IPs are not - allowed. Currently an IngressRuleValue can only - apply to the IP in the Spec of the parent Ingress. - 2. The `:` delimiter is not respected because ports - are not allowed. \t Currently the port of an Ingress - is implicitly :80 for http and \t :443 for https. - Both these may change in the future. Incoming requests - are matched against the host before the IngressRuleValue. - If the host is unspecified, the Ingress routes all - traffic based on the specified IngressRuleValue. - \n Host can be \"precise\" which is a domain name - without the terminating dot of a network host (e.g. - \"foo.bar.com\") or \"wildcard\", which is a domain - name prefixed with a single wildcard label (e.g. - \"*.foo.com\"). The wildcard character '*' must - appear by itself as the first DNS label and matches - only a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests will - be matched against the Host field in the following - way: 1. If Host is precise, the request matches - this rule if the http host header is equal to Host. - 2. If Host is a wildcard, then the request matches - this rule if the http host header is to equal to - the suffix (removing the first label) of the wildcard - rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list of http - selectors pointing to backends. In the example: - http:///? 
-> backend where - where parts of the url correspond to RFC 3986, this - resource will be used to match against everything - after the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that map requests - to backends. - items: - description: HTTPIngressPath associates a path - with a backend. Incoming urls matching the - path are forwarded to the backend. - properties: - backend: - description: Backend defines the referenced - service endpoint to which the traffic - will be forwarded to. - properties: - resource: - description: Resource is an ObjectRef - to another Kubernetes resource in - the namespace of the Ingress object. - If resource is specified, serviceName - and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any other - third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the - referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the - referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against the - path of an incoming request. Currently - it can contain characters disallowed from - the conventional "path" part of a URL - as defined by RFC 3986. Paths must begin - with a '/'. When unspecified, all paths - from incoming requests are matched. - type: string - pathType: - description: 'PathType determines the interpretation - of the Path matching. 
PathType can be - one of the following values: * Exact: - Matches the URL path exactly. * Prefix: - Matches based on a URL path prefix split - by ''/''. Matching is done on a path - element by element basis. A path element - refers is the list of labels in the - path split by the ''/'' separator. A request - is a match for path p if every p is - an element-wise prefix of p of the request - path. Note that if the last element of - the path is a substring of the last - element in request path, it is not a match - (e.g. /foo/bar matches /foo/bar/baz, - but does not match /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching is - up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix or Exact - path types. Implementations are required - to support all path types. Defaults to - ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the Ingress only - supports a single TLS port, 443. If multiple members of - this list specify different hosts, they will be multiplexed - on the same port according to the hostname specified through - the SNI TLS extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport layer - security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included in - the TLS certificate. The values in this list must - match the name/s used in the tlsSecret. Defaults - to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret - used to terminate TLS traffic on port 443. Field - is left optional to allow TLS routing based on SNI - hostname alone. 
If the SNI host in a listener conflicts - with the "Host" header field used by an IngressRule, - the SNI host is used for termination and value of - the Host header is used for routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes load balancer - service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type load balancer - type: object - domain: - description: Domain allows to configure domain name for the - cluster. - minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring source - range - items: - type: string - type: array - port: - description: Port allows to configure external port for client - consumption If not configured, same internal/external port - will be configured per component Information about the port - can be retrieved through status API - format: int32 - type: integer - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. 
Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. Usually - assigned by the system. If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port offset - to be used and will go in the increasing order with respect - to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. 
Usually - assigned by the system. If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for OpenShift - Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the OpenShift - service type route - type: object - domain: - description: Domain allows to configure domain name for the - cluster. - minLength: 1 - type: string - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. 
It defaults - to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - type: - description: Type defines supported kubernetes external services - enum: - - loadBalancer - - nodePort - - route - minLength: 1 - type: string - required: - - type - type: object - image: - description: Image defines application and init docker image configuration. - Change will roll the cluster - properties: - application: - description: Application defines application docker image name - pattern: .+:.+ - type: string - init: - description: Init defines init-container name - pattern: .+:.+ - type: string - pullSecretRef: - description: 'ImagePullSecrets is a list of references to secrets - in the same namespace to use for pulling any images in pods that - reference this ServiceAccount. ImagePullSecrets are distinct from - Secrets because Secrets can be mounted in the pod, but ImagePullSecrets - are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' - items: - type: string - type: array - required: - - application - - init - type: object - injectAnnotations: - additionalProperties: - type: string - description: InjectAnnotations annotations are injected to all the internal - resources created by Operator. All the internal annotations is preserved - and forbidden to override. For pod annotations, use podTemplate.annotations - type: object - injectLabels: - additionalProperties: - type: string - description: InjectLabels labels are injected to all the internal resources - created by Operator. All the internal labels is preserved and forbidden - to override. For pod labels, use podTemplate.labels - type: object - internalTopicReplicationFactor: - description: Replication factor for internal topics - format: int32 - type: integer - k8sClusterDomain: - description: K8SClusterDomain defines configuring kubernetes cluster - domain if required. 
If this setting is not configured it will default - to cluster.local domain. - type: string - license: - description: License defines license configuration for Confluent platform - component - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where license key is mounted. More information about - the usage be found in Confluent Operator document. - minLength: 1 - type: string - globalLicense: - description: GlobalLicense specifies whether operator pod license - will be used for this component If enabled then Confluent platform - component shares Confluent Operator license. - type: boolean - secretRef: - description: SecretRef is secret reference which provides license - for CP component More information about the license key struct - can be found in Confluent Operator document. - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - metrics: - description: Metrics specifies the security settings for metric services - properties: - authentication: - description: Metrics security authentication - properties: - type: - enum: - - mtls - type: string - required: - - type - type: object - prometheus: - description: Override for jmx-prometheus exporter configs - properties: - blacklist: - items: - type: string - type: array - rules: - items: - description: Prometheus exporter rule override - properties: - attrNameSnakeCase: - minLength: 1 - type: string - cache: - minLength: 1 - type: string - help: - minLength: 1 - type: string - labels: - additionalProperties: - type: string - type: object - name: - minLength: 1 - type: string - pattern: - minLength: 1 - type: string - type: - minLength: 1 - type: string - value: - minLength: 1 - type: string - valueFactor: - minLength: 1 - type: string - type: object - type: array - whitelist: - items: - type: string - type: array - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP 
component - (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mountedSecrets: - description: MountedSecrets defines list of secrets reference injected - to the the underlying statefulset configuration. The secret reference - is mounted secret mounted in default path /mnt/secrets/. - The underlying resources will follow the secret as a file configuration - as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod - Change will roll the cluster - items: - description: MountedSecrets allows provides a way to inject custom - secret to underlying statefulset. 
- properties: - keyItems: - description: keyItems is list of key and path names - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, the volume - defaultMode will be used. This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the key - to. May not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - secretRef: - description: SecretRef defines the secret name referenced - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - type: array - oneReplicaPerNode: - description: OneReplicaPerNode enforces to run 1 pod per node through - pod anti-affinity capability. Enabling this configuration in existing - cluster will roll. Change will roll the cluster - type: boolean - podTemplate: - description: PodTemplate defines some statefulset pod template configuration - properties: - affinity: - description: 'Affinity is a group of affinity scheduling rules. - More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. 
The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - matches the corresponding matchExpressions; the node(s) - with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. 
- properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. - The TopologySelectorTerm type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. 
- properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are - intersected, i.e. all terms must be satisfied. 
- items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. 
- type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the - sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. 
- type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met at - some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - description: 'Annotations defines an unstructured key value map - stored with a resource that may be set by external tools to store - and retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - envVars: - description: 'EnvVars defines the collection of EnvVar to inject - into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. 
- type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - labels: - additionalProperties: - type: string - description: 'Labels defines map of string keys and values that - can be used to organize and categorize (scope and select) objects. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - podSecurityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in - container.securityContext. 
Field values of container.securityContext - take precedence over field values of PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit - is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions - of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will - have no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for - that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to - start the container if it does. If unset or false, no such - validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. 
Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. 
If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - priorityClassName: - description: PriorityClassName defines priority class for the pod - (if any). - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - probe: - description: Probe defines some fields of standard kubernetes readiness/liveness - probe configuration. - properties: - liveness: - description: Liveness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. 
- CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - readiness: - description: Readiness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - type: object - resources: - description: ResourceRequirements describes the compute resource - requirements. 
- properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - terminationGracePeriodSeconds: - description: TerminationGracePeriodSeconds defines grace period - for pod deletion - format: int64 - type: integer - tolerations: - description: Tolerations defines The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator . - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using the - matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. 
- type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do - not evict). Zero and negative values will be treated as - 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - replicas: - description: Replicas is the desired number of replicas of the given - Template. Change will roll the cluster - format: int32 - type: integer - storageClass: - description: Storage class used for creating pvc's of created ksqlDB - pods - properties: - name: - description: Name defines name is the storage class reference name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - telemetry: - description: ConfluentTelemetry defines the confluent telemetry reporter - configuration - properties: - global: - description: Global will allow disabling telemetry configuration. - If Operator is deployed with telemetry, this field is only is - used to disabled. By default the value is true if telemetry is - enabled in global level. 
- type: boolean - type: object - tls: - description: Specifies TLS configurations for the ksqlDB rest server. - properties: - autoGeneratedCerts: - description: AutoGenerated if configures generates the certificates - based on the CA key pair provided. - type: boolean - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where keystore/truststore.jks/jksPassword.txt keys - are mounted. CP will not configure truststore.jks can be ignored - with IgnoreTrustStoreConfig field - minLength: 1 - type: string - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the truststore - configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced for - jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced for - jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for certificates - More information about certificates key/value format can be found - in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - dataVolumeCapacity - - image - - replicas - type: object - status: - description: KsqlDBStatus defines the observed state of KSQLServer - properties: - authorizationType: - type: string - clusterName: - description: ClusterName defines the name of the cluster - type: string - clusterNamespace: - description: ClusterNamespace provides the namespace where cluster is - running - type: string - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. 
- properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - currentReplicas: - description: CurrentReplicas defines current running replicas - format: int32 - type: integer - internalSecrets: - description: InternalSecrets defines the list of internal secrets created - by Operator for each CP component. 
- items: - type: string - type: array - internalTopicNames: - description: InternalTopicNames is a list of topics used by the component - for internal use - items: - type: string - type: array - kafka: - description: KafkaClientInfoStatus defines the kafka client side status - for all CP component - properties: - authenticationType: - description: AuthenticationType defines the authentication type - for kafka - type: string - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - type: string - tls: - description: TLS defines if tls is enabled for kafka dependency - type: boolean - type: object - operatorVersion: - description: OperatorVersion defines the internal version of operator - type: string - phase: - description: Phase defines the state of the CP component - type: string - rbac: - description: RBACInfoStatus defines RBAC related status when RBAC is - enabled - properties: - clusterId: - description: ClusterId defines the id of cluster - type: string - internalRolebindings: - description: RolebindingState defines the state of internal rolebindings - items: - type: string - type: array - type: object - readyReplicas: - description: ReadyReplicas defines current ready replicas - format: int32 - type: integer - replicas: - description: Replicas defines replicas - format: int32 - type: integer - restConfig: - description: ListenerStatus describes general information about a listeners - properties: - advertisedExternalEndpoints: - description: AdvertisedExternalEndpoints defines other advertised - endpoints, especially use for kafka - items: - type: string - type: array - authenticationType: - description: AuthenticationType defines authentication type configured - by a listener - type: string - externalEndpoint: - description: ExternalEndpoint defines the external endpoint to connect - to the service - type: string - internalEndpoint: - description: InternalEndpoint defines the internal endpoint to connect - to the service - 
type: string - tls: - description: TLS defines whether tls is configured by a listener - type: boolean - type: object - serviceId: - type: string - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_migrationjobs.yaml b/kustomize/base/operator/crds/platform.confluent.io_migrationjobs.yaml deleted file mode 100644 index ead0c24..0000000 --- a/kustomize/base/operator/crds/platform.confluent.io_migrationjobs.yaml +++ /dev/null 
@@ -1,669 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: migrationjobs.platform.confluent.io -spec: - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: MigrationJob - listKind: MigrationJobList - plural: migrationjobs - shortNames: - - migrationjob - - migration - singular: migrationjob - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: MigrationJob is the Schema for the migrationjobs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MigrationJobSpec defines the desired state of MigrationJob - properties: - blockReconcile: - type: boolean - connect: - description: ConnectMigrationJobSpec defines the desired state of Connect - after migration - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations for the new resource created. Annotations - is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying - objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - configOverrides: - description: ConfigurationOverrides for the new resource created. - Takes precedence over configuration already present in old CR - properties: - jvm: - description: JVM defines a list of jvm configuration supported - by application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - enabled: - description: Indicates if Migration of this component is enabled - type: boolean - labels: - additionalProperties: - type: string - description: 'Labels for the new resource created. Map of string - keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name of the V1 resource to migrate. It must be unique - within a namespace Note that the resource will be deleted once - the migration is complete Required if this component is enabled - type: string - namespace: - description: Namespace defines the space within each name must be - unique. An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this field - for those objects will be empty. - type: string - release: - description: ReleaseName for the helm release for the component. - It is optional for kafka and zookeeper release. 
- minLength: 1 - type: string - required: - - enabled - type: object - controlcenter: - description: ControlCenterMigrationJobSpec defines the desired state - of ControlCenter after migration - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations for the new resource created. Annotations - is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - configOverrides: - description: ConfigurationOverrides for the new resource created. - Takes precedence over configuration already present in old CR - properties: - jvm: - description: JVM defines a list of jvm configuration supported - by application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - enabled: - description: Indicates if Migration of this component is enabled - type: boolean - labels: - additionalProperties: - type: string - description: 'Labels for the new resource created. Map of string - keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name of the V1 resource to migrate. 
It must be unique - within a namespace Note that the resource will be deleted once - the migration is complete Required if this component is enabled - type: string - namespace: - description: Namespace defines the space within each name must be - unique. An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this field - for those objects will be empty. - type: string - release: - description: ReleaseName for the helm release for the component. - It is optional for kafka and zookeeper release. - minLength: 1 - type: string - required: - - enabled - type: object - initContainerImage: - minLength: 1 - type: string - kafka: - description: KafkaMigrationJobSpec defines the descired state of Kafka - after migration - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations for the new resource created. Annotations - is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - configOverrides: - description: ConfigurationOverrides for the new resource created. - Takes precedence over configuration already present in old CR - properties: - jvm: - description: JVM defines a list of jvm configuration supported - by application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported - by application. This will either add or update existing configuration. 
- items: - type: string - type: array - type: object - enabled: - description: Indicates if Migration of this component is enabled - type: boolean - labels: - additionalProperties: - type: string - description: 'Labels for the new resource created. Map of string - keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name of the V1 resource to migrate. It must be unique - within a namespace Note that the resource will be deleted once - the migration is complete Required if this component is enabled - type: string - namespace: - description: Namespace defines the space within each name must be - unique. An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this field - for those objects will be empty. - type: string - release: - description: ReleaseName for the helm release for the component. - It is optional for kafka and zookeeper release. - minLength: 1 - type: string - required: - - enabled - type: object - ksqldb: - description: KsqlDBMigrationJobSpec defines the desired state of KsqlDB - after migration - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations for the new resource created. Annotations - is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - configOverrides: - description: ConfigurationOverrides for the new resource created. 
- Takes precedence over configuration already present in old CR - properties: - jvm: - description: JVM defines a list of jvm configuration supported - by application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - enabled: - description: Indicates if Migration of this component is enabled - type: boolean - labels: - additionalProperties: - type: string - description: 'Labels for the new resource created. Map of string - keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name of the V1 resource to migrate. It must be unique - within a namespace Note that the resource will be deleted once - the migration is complete Required if this component is enabled - type: string - namespace: - description: Namespace defines the space within each name must be - unique. An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this field - for those objects will be empty. - type: string - release: - description: ReleaseName for the helm release for the component. - It is optional for kafka and zookeeper release. 
- minLength: 1 - type: string - required: - - enabled - type: object - pullSecretRef: - items: - type: string - type: array - replicator: - description: ReplicatorMigrationJobSpec defines the desired state of - Replicator after migration - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations for the new resource created. Annotations - is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - configOverrides: - description: ConfigurationOverrides for the new resource created. - Takes precedence over configuration already present in old CR - properties: - jvm: - description: JVM defines a list of jvm configuration supported - by application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - enabled: - description: Indicates if Migration of this component is enabled - type: boolean - labels: - additionalProperties: - type: string - description: 'Labels for the new resource created. Map of string - keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name of the V1 resource to migrate. 
It must be unique - within a namespace Note that the resource will be deleted once - the migration is complete Required if this component is enabled - type: string - namespace: - description: Namespace defines the space within each name must be - unique. An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this field - for those objects will be empty. - type: string - release: - description: ReleaseName for the helm release for the component. - It is optional for kafka and zookeeper release. - minLength: 1 - type: string - required: - - enabled - type: object - schemaRegistry: - description: SchemaRegistryMigrationJobSpec defines the desired state - of SchemaRegistry after migration - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations for the new resource created. Annotations - is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - configOverrides: - description: ConfigurationOverrides for the new resource created. - Takes precedence over configuration already present in old CR - properties: - jvm: - description: JVM defines a list of jvm configuration supported - by application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported - by application. This will either add or update existing configuration. 
- items: - type: string - type: array - type: object - enabled: - description: Indicates if Migration of this component is enabled - type: boolean - labels: - additionalProperties: - type: string - description: 'Labels for the new resource created. Map of string - keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name of the V1 resource to migrate. It must be unique - within a namespace Note that the resource will be deleted once - the migration is complete Required if this component is enabled - type: string - namespace: - description: Namespace defines the space within each name must be - unique. An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this field - for those objects will be empty. - type: string - release: - description: ReleaseName for the helm release for the component. - It is optional for kafka and zookeeper release. - minLength: 1 - type: string - required: - - enabled - type: object - skipCleanup: - type: boolean - skipRollback: - type: boolean - zookeeper: - description: ZookeeperMigrationJobSpec defines the desired state of - Zookeeper after migration - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations for the new resource created. Annotations - is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - configOverrides: - description: ConfigurationOverrides for the new resource created. 
- Takes precedence over configuration already present in old CR - properties: - jvm: - description: JVM defines a list of jvm configuration supported - by application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - enabled: - description: Indicates if Migration of this component is enabled - type: boolean - labels: - additionalProperties: - type: string - description: 'Labels for the new resource created. Map of string - keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name of the V1 resource to migrate. It must be unique - within a namespace Note that the resource will be deleted once - the migration is complete Required if this component is enabled - type: string - namespace: - description: Namespace defines the space within each name must be - unique. An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this field - for those objects will be empty. - type: string - release: - description: ReleaseName for the helm release for the component. - It is optional for kafka and zookeeper release. 
- minLength: 1 - type: string - required: - - enabled - type: object - required: - - initContainerImage - type: object - status: - description: MigrationJobStatus defines the observed state of MigrationJob - properties: - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. - properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - connect: - description: CommonMigrationStatus defines spec common to different - migration resources - properties: - message: - type: string - phase: - type: string - required: - - message - - phase - type: object - controlcenter: - description: CommonMigrationStatus defines spec common to different - migration resources - properties: - message: - type: string - phase: - type: string - required: - - message - - phase - type: object - kafka: - description: CommonMigrationStatus defines spec common to different - migration resources - properties: - message: - type: string - phase: - type: string - required: - - message - - phase - type: object - ksqldb: - description: CommonMigrationStatus defines spec common to different - migration resources - properties: - message: - type: string - phase: - type: string - required: - - message - - phase - type: object - phase: - type: string - 
replicator: - description: CommonMigrationStatus defines spec common to different - migration resources - properties: - message: - type: string - phase: - type: string - required: - - message - - phase - type: object - schemaRegistry: - description: CommonMigrationStatus defines spec common to different - migration resources - properties: - message: - type: string - phase: - type: string - required: - - message - - phase - type: object - zookeeper: - description: CommonMigrationStatus defines spec common to different - migration resources - properties: - message: - type: string - phase: - type: string - required: - - message - - phase - type: object - required: - - phase - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_schemaregistries.yaml b/kustomize/base/operator/crds/platform.confluent.io_schemaregistries.yaml deleted file mode 100644 index 5d5723a..0000000 --- a/kustomize/base/operator/crds/platform.confluent.io_schemaregistries.yaml +++ /dev/null 
@@ -1,2333 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: schemaregistries.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.replicas - name: Replicas - type: string - - JSONPath: .status.readyReplicas - name: Ready - type: string - - JSONPath: .status.phase - name: Status - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - - JSONPath: .status.kafka.bootstrapEndpoint - name: Kafka - priority: 1 - type: string - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: SchemaRegistry - listKind: SchemaRegistryList - plural: schemaregistries - shortNames: - - schemaregistry - - sr - singular: schemaregistry - preserveUnknownFields: false - scope: Namespaced - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - validation: - openAPIV3Schema: - description: SchemaRegistry is the Schema for the schemaregistries API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: SchemaRegistrySpec defines the desired state of SchemaRegistry - properties: - authentication: - description: Authentication defines the rest-endpoint configuration - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic credential - through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on the - server side only. Changes will be only reflected in ControlCenter - (C3). This configuration is ignored on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on the - server side only. This configuration is ignored on the client - side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme for Rest - Server - enum: - - basic - - mtls - type: string - required: - - type - type: object - authorization: - description: Authorization defines authorization configurations - properties: - kafkaRestClassRef: - description: KafkaRestClassRef defines the reference for KafkaRestClass - which defines Kafka Rest API - properties: - name: - description: Name defines the name of KafkaRestClass - minLength: 1 - type: string - namespace: - description: Namespace defines the namespace of the KafkaRestClass - type: string - required: - - name - type: object - type: - enum: - - rbac - type: string - required: - - type - type: object - configOverrides: - description: ConfigurationOverrides defines 
capability to override server/jvm/log4j - properties for each Confluent platform component. Change will roll - the cluster - properties: - jvm: - description: JVM defines a list of jvm configuration supported by - application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported by - application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - dependencies: - description: Dependencies defines all the dependencies service configuration - properties: - kafka: - description: Kafka defines kafka dependencies configuration - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mds: - description: MDSDependencies defines the RBAC dependencies configurations - properties: - authentication: - description: Authentication defines MDS authentication configuration - properties: - bearer: - description: BearerAuthentication defines bearer authentication - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines the authentication type support - for MDS - enum: - - bearer - type: string - required: - - bearer - - type - type: object - endpoint: - description: Endpoint defines the mds endpoint - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: ClientTLSConfig defines TLS configuration for CP - 
component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - tokenKeyPair: - description: TokenKeyPair defines the token keypair to configure - MDS - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - authentication - - endpoint - - tokenKeyPair - type: object - type: object - externalAccess: - description: ExternalAccess defines the external access configuration - properties: - ingress: - description: Ingress allows to create a ingress service Not implemented - yet! 
- properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user wishes - to exist. - properties: - backend: - description: A default backend capable of servicing requests - that don't match any rule. At least one of 'backend' or - 'rules' must be specified. This field is optional to allow - the loadbalancer controller or defaulting logic to specify - a global default. - properties: - resource: - description: Resource is an ObjectRef to another Kubernetes - resource in the namespace of the Ingress object. If - resource is specified, serviceName and servicePort - must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the IngressClass - cluster resource. The associated IngressClass defines - which controller will implement the resource. This replaces - the deprecated `kubernetes.io/ingress.class` annotation. - For backwards compatibility, when that annotation is set, - it must be given precedence over this field. The controller - may emit a warning if the field and annotation have different - values. 
Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource may - be marked as default, which can be used to set a default - value for this field. For more information, refer to the - IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure the - Ingress. If unspecified, or no rule matches, all traffic - is sent to the default backend. - items: - description: IngressRule represents the rules mapping - the paths under a specified host to the related backend - services. Incoming requests are first evaluated for - a host match, then routed to the backend associated - with the matching IngressRuleValue. - properties: - host: - description: "Host is the fully qualified domain name - of a network host, as defined by RFC 3986. Note - the following deviations from the \"host\" part - of the URI as defined in RFC 3986: 1. IPs are not - allowed. Currently an IngressRuleValue can only - apply to the IP in the Spec of the parent Ingress. - 2. The `:` delimiter is not respected because ports - are not allowed. \t Currently the port of an Ingress - is implicitly :80 for http and \t :443 for https. - Both these may change in the future. Incoming requests - are matched against the host before the IngressRuleValue. - If the host is unspecified, the Ingress routes all - traffic based on the specified IngressRuleValue. - \n Host can be \"precise\" which is a domain name - without the terminating dot of a network host (e.g. - \"foo.bar.com\") or \"wildcard\", which is a domain - name prefixed with a single wildcard label (e.g. - \"*.foo.com\"). The wildcard character '*' must - appear by itself as the first DNS label and matches - only a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests will - be matched against the Host field in the following - way: 1. If Host is precise, the request matches - this rule if the http host header is equal to Host. - 2. 
If Host is a wildcard, then the request matches - this rule if the http host header is to equal to - the suffix (removing the first label) of the wildcard - rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list of http - selectors pointing to backends. In the example: - http:///? -> backend where - where parts of the url correspond to RFC 3986, this - resource will be used to match against everything - after the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that map requests - to backends. - items: - description: HTTPIngressPath associates a path - with a backend. Incoming urls matching the - path are forwarded to the backend. - properties: - backend: - description: Backend defines the referenced - service endpoint to which the traffic - will be forwarded to. - properties: - resource: - description: Resource is an ObjectRef - to another Kubernetes resource in - the namespace of the Ingress object. - If resource is specified, serviceName - and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any other - third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the - referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the - referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against the - path of an incoming request. 
Currently - it can contain characters disallowed from - the conventional "path" part of a URL - as defined by RFC 3986. Paths must begin - with a '/'. When unspecified, all paths - from incoming requests are matched. - type: string - pathType: - description: 'PathType determines the interpretation - of the Path matching. PathType can be - one of the following values: * Exact: - Matches the URL path exactly. * Prefix: - Matches based on a URL path prefix split - by ''/''. Matching is done on a path - element by element basis. A path element - refers is the list of labels in the - path split by the ''/'' separator. A request - is a match for path p if every p is - an element-wise prefix of p of the request - path. Note that if the last element of - the path is a substring of the last - element in request path, it is not a match - (e.g. /foo/bar matches /foo/bar/baz, - but does not match /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching is - up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix or Exact - path types. Implementations are required - to support all path types. Defaults to - ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the Ingress only - supports a single TLS port, 443. If multiple members of - this list specify different hosts, they will be multiplexed - on the same port according to the hostname specified through - the SNI TLS extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport layer - security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included in - the TLS certificate. The values in this list must - match the name/s used in the tlsSecret. 
Defaults - to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret - used to terminate TLS traffic on port 443. Field - is left optional to allow TLS routing based on SNI - hostname alone. If the SNI host in a listener conflicts - with the "Host" header field used by an IngressRule, - the SNI host is used for termination and value of - the Host header is used for routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes load balancer - service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type load balancer - type: object - domain: - description: Domain allows to configure domain name for the - cluster. - minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring source - range - items: - type: string - type: array - port: - description: Port allows to configure external port for client - consumption If not configured, same internal/external port - will be configured per component Information about the port - can be retrieved through status API - format: int32 - type: integer - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. 
- properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. Usually - assigned by the system. If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). 
This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port offset - to be used and will go in the increasing order with respect - to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. 
- type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. Usually - assigned by the system. If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for OpenShift - Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the OpenShift - service type route - type: object - domain: - description: Domain allows to configure domain name for the - cluster. 
- minLength: 1 - type: string - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. It defaults - to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - type: - description: Type defines supported kubernetes external services - enum: - - loadBalancer - - nodePort - - route - minLength: 1 - type: string - required: - - type - type: object - image: - description: Image defines application and init docker image configuration. - Change will roll the cluster - properties: - application: - description: Application defines application docker image name - pattern: .+:.+ - type: string - init: - description: Init defines init-container name - pattern: .+:.+ - type: string - pullSecretRef: - description: 'ImagePullSecrets is a list of references to secrets - in the same namespace to use for pulling any images in pods that - reference this ServiceAccount. ImagePullSecrets are distinct from - Secrets because Secrets can be mounted in the pod, but ImagePullSecrets - are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' - items: - type: string - type: array - required: - - application - - init - type: object - injectAnnotations: - additionalProperties: - type: string - description: InjectAnnotations annotations are injected to all the internal - resources created by Operator. All the internal annotations is preserved - and forbidden to override. For pod annotations, use podTemplate.annotations - type: object - injectLabels: - additionalProperties: - type: string - description: InjectLabels labels are injected to all the internal resources - created by Operator. 
All the internal labels is preserved and forbidden - to override. For pod labels, use podTemplate.labels - type: object - internalTopicReplicatorFactor: - format: int32 - minimum: 1 - type: integer - k8sClusterDomain: - description: K8SClusterDomain defines configuring kubernetes cluster - domain if required. If this setting is not configured it will default - to cluster.local domain. - type: string - license: - description: License defines license configuration for Confluent platform - component - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where license key is mounted. More information about - the usage be found in Confluent Operator document. - minLength: 1 - type: string - globalLicense: - description: GlobalLicense specifies whether operator pod license - will be used for this component If enabled then Confluent platform - component shares Confluent Operator license. - type: boolean - secretRef: - description: SecretRef is secret reference which provides license - for CP component More information about the license key struct - can be found in Confluent Operator document. 
- maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - metrics: - description: Metrics specifies the security settings for metric services - properties: - authentication: - description: Metrics security authentication - properties: - type: - enum: - - mtls - type: string - required: - - type - type: object - prometheus: - description: Override for jmx-prometheus exporter configs - properties: - blacklist: - items: - type: string - type: array - rules: - items: - description: Prometheus exporter rule override - properties: - attrNameSnakeCase: - minLength: 1 - type: string - cache: - minLength: 1 - type: string - help: - minLength: 1 - type: string - labels: - additionalProperties: - type: string - type: object - name: - minLength: 1 - type: string - pattern: - minLength: 1 - type: string - type: - minLength: 1 - type: string - value: - minLength: 1 - type: string - valueFactor: - minLength: 1 - type: string - type: object - type: array - whitelist: - items: - type: string - type: array - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP component - (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mountedSecrets: - description: MountedSecrets defines list of secrets reference injected - to the the underlying statefulset configuration. The secret reference - is mounted secret mounted in default path /mnt/secrets/. - The underlying resources will follow the secret as a file configuration - as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod - Change will roll the cluster - items: - description: MountedSecrets allows provides a way to inject custom - secret to underlying statefulset. - properties: - keyItems: - description: keyItems is list of key and path names - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. 
- type: string - mode: - description: 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, the volume - defaultMode will be used. This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the key - to. May not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - secretRef: - description: SecretRef defines the secret name referenced - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - type: array - oneReplicaPerNode: - description: OneReplicaPerNode enforces to run 1 pod per node through - pod anti-affinity capability. Enabling this configuration in existing - cluster will roll. Change will roll the cluster - type: boolean - podTemplate: - description: PodTemplate defines some statefulset pod template configuration - properties: - affinity: - description: 'Affinity is a group of affinity scheduling rules. - More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. 
for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - matches the corresponding matchExpressions; the node(s) - with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. - The TopologySelectorTerm type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are - intersected, i.e. all terms must be satisfied. 
- items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. 
- type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the - sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. 
- type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met at - some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - description: 'Annotations defines an unstructured key value map - stored with a resource that may be set by external tools to store - and retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - envVars: - description: 'EnvVars defines the collection of EnvVar to inject - into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. 
- type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - labels: - additionalProperties: - type: string - description: 'Labels defines map of string keys and values that - can be used to organize and categorize (scope and select) objects. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - podSecurityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in - container.securityContext. 
Field values of container.securityContext - take precedence over field values of PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit - is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions - of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will - have no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for - that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to - start the container if it does. If unset or false, no such - validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. 
Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. 
If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - priorityClassName: - description: PriorityClassName defines priority class for the pod - (if any). - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - probe: - description: Probe defines some fields of standard kubernetes readiness/liveness - probe configuration. - properties: - liveness: - description: Liveness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. 
- CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - readiness: - description: Readiness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - type: object - resources: - description: ResourceRequirements describes the compute resource - requirements. 
- properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - terminationGracePeriodSeconds: - description: TerminationGracePeriodSeconds defines grace period - for pod deletion - format: int64 - type: integer - tolerations: - description: Tolerations defines The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator . - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using the - matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. 
- type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do - not evict). Zero and negative values will be treated as - 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - replicas: - description: Replicas is the desired number of replicas of the given - Template. Change will roll the cluster - format: int32 - type: integer - storageClass: - description: Storage defines - properties: - name: - description: Name defines name is the storage class reference name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - telemetry: - description: ConfluentTelemetry defines the confluent telemetry reporter - configuration - properties: - global: - description: Global will allow disabling telemetry configuration. - If Operator is deployed with telemetry, this field is only is - used to disabled. By default the value is true if telemetry is - enabled in global level. 
- type: boolean - type: object - tls: - description: TLS defines tls configuration for rest-endpoint - properties: - autoGeneratedCerts: - description: AutoGenerated if configures generates the certificates - based on the CA key pair provided. - type: boolean - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where keystore/truststore.jks/jksPassword.txt keys - are mounted. CP will not configure truststore.jks can be ignored - with IgnoreTrustStoreConfig field - minLength: 1 - type: string - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the truststore - configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced for - jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced for - jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for certificates - More information about certificates key/value format can be found - in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - image - - replicas - type: object - status: - description: SchemaRegistryStatus defines the observed state of SchemaRegistry - properties: - authorizationType: - type: string - clusterName: - description: ClusterName defines the name of the cluster - type: string - clusterNamespace: - description: ClusterNamespace provides the namespace where cluster is - running - type: string - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. 
- properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - currentReplicas: - description: CurrentReplicas defines current running replicas - format: int32 - type: integer - groupId: - type: string - internalSecrets: - description: InternalSecrets defines the list of internal secrets created - by Operator for each CP component. 
- items: - type: string - type: array - internalTopicNames: - description: InternalTopicNames is a list of topics used by the component - for internal use - items: - type: string - type: array - kafka: - description: KafkaClientInfoStatus defines the kafka client side status - for all CP component - properties: - authenticationType: - description: AuthenticationType defines the authentication type - for kafka - type: string - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - type: string - tls: - description: TLS defines if tls is enabled for kafka dependency - type: boolean - type: object - metricPrefix: - type: string - operatorVersion: - description: OperatorVersion defines the internal version of operator - type: string - phase: - description: Phase defines the state of the CP component - type: string - rbac: - description: RBACInfoStatus defines RBAC related status when RBAC is - enabled - properties: - clusterId: - description: ClusterId defines the id of cluster - type: string - internalRolebindings: - description: RolebindingState defines the state of internal rolebindings - items: - type: string - type: array - type: object - readyReplicas: - description: ReadyReplicas defines current ready replicas - format: int32 - type: integer - replicas: - description: Replicas defines replicas - format: int32 - type: integer - restConfig: - description: ListenerStatus describes general information about a listeners - properties: - advertisedExternalEndpoints: - description: AdvertisedExternalEndpoints defines other advertised - endpoints, especially use for kafka - items: - type: string - type: array - authenticationType: - description: AuthenticationType defines authentication type configured - by a listener - type: string - externalEndpoint: - description: ExternalEndpoint defines the external endpoint to connect - to the service - type: string - internalEndpoint: - description: InternalEndpoint defines the internal endpoint 
to connect - to the service - type: string - tls: - description: TLS defines whether tls is configured by a listener - type: boolean - type: object - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_zookeepers.yaml b/kustomize/base/operator/crds/platform.confluent.io_zookeepers.yaml deleted file mode 100644 index e8c7c7b..0000000 --- a/kustomize/base/operator/crds/platform.confluent.io_zookeepers.yaml +++ /dev/null 
@@ -1,1551 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: zookeepers.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.replicas - name: Replicas - type: string - - JSONPath: .status.readyReplicas - name: Ready - type: string - - JSONPath: .status.phase - name: Status - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - - JSONPath: .status.endpoint - name: Endpoint - priority: 1 - type: string - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: Zookeeper - listKind: ZookeeperList - plural: zookeepers - shortNames: - - zookeeper - - zk - singular: zookeeper - preserveUnknownFields: false - scope: Namespaced - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - validation: - openAPIV3Schema: - description: Zookeeper is the Schema for the zookeepers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ZookeeperSpec defines the desired state of Confluent Platform - (CP) component, Zookeeper - properties: - authentication: - description: Authentication defines support authentication configuration - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass required - credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced for - authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - principalMappingRules: - items: - type: string - type: array - type: - description: Type defines supported kafka authentication types - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - configOverrides: - description: ConfigurationOverrides defines capability to override server/jvm/log4j - properties for each Confluent platform component. Change will roll - the cluster - properties: - jvm: - description: JVM defines a list of jvm configuration supported by - application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. 
- items: - type: string - type: array - server: - description: server is list of server configuration supported by - application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - dataVolumeCapacity: - anyOf: - - type: integer - - type: string - description: DataVolumeCapacity defines the data volume size - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - image: - description: Image defines application and init docker image configuration. - Change will roll the cluster - properties: - application: - description: Application defines application docker image name - pattern: .+:.+ - type: string - init: - description: Init defines init-container name - pattern: .+:.+ - type: string - pullSecretRef: - description: 'ImagePullSecrets is a list of references to secrets - in the same namespace to use for pulling any images in pods that - reference this ServiceAccount. ImagePullSecrets are distinct from - Secrets because Secrets can be mounted in the pod, but ImagePullSecrets - are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' - items: - type: string - type: array - required: - - application - - init - type: object - injectAnnotations: - additionalProperties: - type: string - description: InjectAnnotations annotations are injected to all the internal - resources created by Operator. All the internal annotations is preserved - and forbidden to override. For pod annotations, use podTemplate.annotations - type: object - injectLabels: - additionalProperties: - type: string - description: InjectLabels labels are injected to all the internal resources - created by Operator. All the internal labels is preserved and forbidden - to override. 
For pod labels, use podTemplate.labels - type: object - k8sClusterDomain: - description: K8SClusterDomain defines configuring kubernetes cluster - domain if required. If this setting is not configured it will default - to cluster.local domain. - type: string - license: - description: License defines license configuration for Confluent platform - component - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where license key is mounted. More information about - the usage be found in Confluent Operator document. - minLength: 1 - type: string - globalLicense: - description: GlobalLicense specifies whether operator pod license - will be used for this component If enabled then Confluent platform - component shares Confluent Operator license. - type: boolean - secretRef: - description: SecretRef is secret reference which provides license - for CP component More information about the license key struct - can be found in Confluent Operator document. 
- maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - logVolumeCapacity: - anyOf: - - type: integer - - type: string - description: LogVolumeCapacity defines the log volume size - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - metrics: - description: Metrics specifies the security settings for metric services - properties: - authentication: - description: Metrics security authentication - properties: - type: - enum: - - mtls - type: string - required: - - type - type: object - prometheus: - description: Override for jmx-prometheus exporter configs - properties: - blacklist: - items: - type: string - type: array - rules: - items: - description: Prometheus exporter rule override - properties: - attrNameSnakeCase: - minLength: 1 - type: string - cache: - minLength: 1 - type: string - help: - minLength: 1 - type: string - labels: - additionalProperties: - type: string - type: object - name: - minLength: 1 - type: string - pattern: - minLength: 1 - type: string - type: - minLength: 1 - type: string - value: - minLength: 1 - type: string - valueFactor: - minLength: 1 - type: string - type: object - type: array - whitelist: - items: - type: string - type: array - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP component - (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mountedSecrets: - description: MountedSecrets defines list of secrets reference injected - to the the underlying statefulset configuration. The secret reference - is mounted secret mounted in default path /mnt/secrets/. - The underlying resources will follow the secret as a file configuration - as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod - Change will roll the cluster - items: - description: MountedSecrets allows provides a way to inject custom - secret to underlying statefulset. - properties: - keyItems: - description: keyItems is list of key and path names - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. 
- type: string - mode: - description: 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, the volume - defaultMode will be used. This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the key - to. May not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - secretRef: - description: SecretRef defines the secret name referenced - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - type: array - oneReplicaPerNode: - description: OneReplicaPerNode enforces to run 1 pod per node through - pod anti-affinity capability. Enabling this configuration in existing - cluster will roll. Change will roll the cluster - type: boolean - podTemplate: - description: PodTemplate defines some statefulset pod template configuration - properties: - affinity: - description: 'Affinity is a group of affinity scheduling rules. - More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. 
for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - matches the corresponding matchExpressions; the node(s) - with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. - The TopologySelectorTerm type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are - intersected, i.e. all terms must be satisfied. 
- items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. 
- type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the - sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. 
- type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met at - some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - description: 'Annotations defines an unstructured key value map - stored with a resource that may be set by external tools to store - and retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - envVars: - description: 'EnvVars defines the collection of EnvVar to inject - into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. 
- type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - labels: - additionalProperties: - type: string - description: 'Labels defines map of string keys and values that - can be used to organize and categorize (scope and select) objects. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - podSecurityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in - container.securityContext. 
Field values of container.securityContext - take precedence over field values of PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit - is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions - of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will - have no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for - that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to - start the container if it does. If unset or false, no such - validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. 
Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. 
If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - priorityClassName: - description: PriorityClassName defines priority class for the pod - (if any). - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - probe: - description: Probe defines some fields of standard kubernetes readiness/liveness - probe configuration. - properties: - liveness: - description: Liveness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. 
- CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - readiness: - description: Readiness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - type: object - resources: - description: ResourceRequirements describes the compute resource - requirements. 
- properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - terminationGracePeriodSeconds: - description: TerminationGracePeriodSeconds defines grace period - for pod deletion - format: int64 - type: integer - tolerations: - description: Tolerations defines The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator . - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using the - matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. 
- type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do - not evict). Zero and negative values will be treated as - 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - replicas: - description: Replicas is the desired number of replicas of the given - Template. Change will roll the cluster - format: int32 - type: integer - storageClass: - description: StorageClass defines the user provided storage class. If - not configured, it will use default storage class. - properties: - name: - description: Name defines name is the storage class reference name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLS defines TLS setting - properties: - autoGeneratedCerts: - description: AutoGenerated if configures generates the certificates - based on the CA key pair provided. 
- type: boolean - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where keystore/truststore.jks/jksPassword.txt keys - are mounted. CP will not configure truststore.jks can be ignored - with IgnoreTrustStoreConfig field - minLength: 1 - type: string - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the truststore - configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced for - jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced for - jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for certificates - More information about certificates key/value format can be found - in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - dataVolumeCapacity - - image - - logVolumeCapacity - - replicas - type: object - status: - description: ZookeeperStatus defines the observed state of Zookeeper - properties: - authenticationType: - type: string - authorizationType: - type: string - clusterName: - description: ClusterName defines the name of the cluster - type: string - clusterNamespace: - description: ClusterNamespace provides the namespace where cluster is - running - type: string - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. - properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. 
- format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - currentReplicas: - description: CurrentReplicas defines current running replicas - format: int32 - type: integer - endpoint: - type: string - internalSecrets: - description: InternalSecrets defines the list of internal secrets created - by Operator for each CP component. - items: - type: string - type: array - internalTopicNames: - description: InternalTopicNames is a list of topics used by the component - for internal use - items: - type: string - type: array - operatorVersion: - description: OperatorVersion defines the internal version of operator - type: string - phase: - description: Phase defines the state of the CP component - type: string - readyReplicas: - description: ReadyReplicas defines current ready replicas - format: int32 - type: integer - replicas: - description: Replicas defines replicas - format: int32 - type: integer - tls: - type: boolean - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/base/operator/kustomization.yaml b/kustomize/base/operator/kustomization.yaml deleted file mode 100644 index ffceabe..0000000 --- a/kustomize/base/operator/kustomization.yaml +++ /dev/null 
@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - crds
- - resources
\ No newline at end of file
diff --git a/kustomize/base/operator/resources/clusterrole.yaml b/kustomize/base/operator/resources/clusterrole.yaml
deleted file mode 100644
index e933d3a..0000000
--- a/kustomize/base/operator/resources/clusterrole.yaml
+++ /dev/null
@@ -1,116 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- annotations:
- meta.helm.sh/release-name: confluent
- meta.helm.sh/release-namespace: production
- labels:
- app: confluent-for-kubernetes
- app.kubernetes.io/component: confluent-operator
- app.kubernetes.io/instance: confluent
- app.kubernetes.io/managed-by: Helm
- app.kubernetes.io/name: confluent-for-kubernetes
- helm.sh/chart: confluent-for-kubernetes-0.174.6
- helm.toolkit.fluxcd.io/name: confluent
- helm.toolkit.fluxcd.io/namespace: production
- name: confluent-operator-global
-rules:
- - apiGroups:
- - cluster.confluent.com
- resources:
- - zookeeperclusters
- - zookeeperclusters/status
- - zookeeperclusters/scale
- - zookeeperclusters/finalizers
- - kafkaclusters
- - kafkaclusters/status
- - kafkaclusters/scale
- - kafkaclusters/finalizers
- verbs:
- - '*'
- - apiGroups:
- - operator.confluent.cloud
- resources:
- - physicalstatefulclusters
- - physicalstatefulclusters/scale
- - physicalstatefulclusters/status
- - physicalstatefulclusters/finalizers
- verbs:
- - '*'
- - apiGroups:
- - platform.confluent.io
- resources:
- - '*'
- verbs:
- - '*'
- - apiGroups:
- - policy
- resources:
- - poddisruptionbudgets
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
- - apiGroups:
- - route.openshift.io
- resources:
- - routes
- - routes/custom-host
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
- - apiGroups:
- - apps
- resources:
- - statefulsets
- - statefulsets/scale
- - statefulsets/status
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
- - apiGroups:
- - ""
- resources:
- - configmaps
- - events
- - persistentvolumeclaims
- - secrets
- - secrets/finalizers
- - pods
- - pods/exec
- - services
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
- - apiGroups:
- - networking.k8s.io
- resources:
- - ingresses
- - ingresses/status
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
diff --git a/kustomize/base/operator/resources/clusterrolebinding.yaml b/kustomize/base/operator/resources/clusterrolebinding.yaml
deleted file mode 100644
index 23c5f6c..0000000
--- a/kustomize/base/operator/resources/clusterrolebinding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- labels:
- app: confluent-for-kubernetes
- app.kubernetes.io/name: confluent-for-kubernetes
- app.kubernetes.io/instance: confluent
- app.kubernetes.io/managed-by: git
- app.kubernetes.io/component: confluent-operator
- helm.sh/chart: confluent-for-kubernetes-0.174.6
- name: confluent-operator-global
-subjects:
-- kind: ServiceAccount
- name: confluent-for-kubernetes
- namespace: production
-roleRef:
- kind: Role
- name: confluent-operator-global
- apiGroup: rbac.authorization.k8s.io
diff --git a/kustomize/base/operator/resources/deployment.yaml b/kustomize/base/operator/resources/deployment.yaml
deleted file mode 100644
index 2c731ba..0000000
--- a/kustomize/base/operator/resources/deployment.yaml
+++ /dev/null
@@ -1,95 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- app: "confluent-for-kubernetes"
- app.kubernetes.io/name: "confluent-for-kubernetes"
- app.kubernetes.io/instance: "confluent"
- app.kubernetes.io/managed-by: "Helm"
- app.kubernetes.io/component: "confluent-operator"
- helm.sh/chart: "confluent-for-kubernetes-0.174.6"
- name: confluent-operator-global
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/instance: confluent
- app.kubernetes.io/name: confluent-operator
- strategy:
- rollingUpdate:
- maxSurge: 1
- maxUnavailable: 0
- type: RollingUpdate
- template:
- metadata:
- annotations:
- prometheus.io/path: "/metrics"
- prometheus.io/port: "7778"
- prometheus.io/scrape: "true"
- labels:
- app: "confluent-operator"
- app.kubernetes.io/name: "confluent-operator"
- app.kubernetes.io/instance: "confluent"
- confluent-platform: "true"
- version: "0.174.6"
- spec:
- containers:
- - args:
- - --debug=false
- - --namespaces=production
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: NODEIP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.hostIP
- - name: DD_ENTITY_ID
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.uid
- image: docker.io/confluentinc/confluent-operator:0.174.6
- imagePullPolicy: IfNotPresent
- livenessProbe:
- failureThreshold: 3
- httpGet:
- path: /healthz
- port: 8080
- scheme: HTTP
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- name: confluent-operator-global
- readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /readyz
- port: 8080
- scheme: HTTP
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 1
- resources:
- limits:
- cpu: 500m
- memory: 512Mi
- requests:
- cpu: 100m
- memory: 256Mi
- terminationMessagePath: /dev/termination-log
- terminationMessagePolicy: File
- dnsPolicy: ClusterFirst
- restartPolicy: Always
- schedulerName: default-scheduler
- securityContext:
- fsGroup: 1001
- runAsNonRoot: true
- runAsUser: 1001
- serviceAccount: confluent-for-kubernetes
- serviceAccountName: confluent-for-kubernetes
- terminationGracePeriodSeconds: 30
\ No newline at end of file
diff --git a/kustomize/base/operator/resources/kustomization.yaml b/kustomize/base/operator/resources/kustomization.yaml
deleted file mode 100644
index aff33c3..0000000
--- a/kustomize/base/operator/resources/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - clusterrole.yaml
- - clusterrolebinding.yaml
- - deployment.yaml
- - service.yaml
- - serviceaccount.yaml
diff --git a/kustomize/base/operator/resources/service.yaml b/kustomize/base/operator/resources/service.yaml
deleted file mode 100644
index e527612..0000000
--- a/kustomize/base/operator/resources/service.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app: "confluent-for-kubernetes"
- app.kubernetes.io/name: "confluent-for-kubernetes"
- app.kubernetes.io/instance: "confluent"
- app.kubernetes.io/managed-by: "Helm"
- app.kubernetes.io/component: "confluent-operator"
- helm.sh/chart: "confluent-for-kubernetes-0.174.6"
- name: "confluent-operator"
-spec:
- ports:
- - name: http-metric
- port: 7778
- protocol: TCP
- targetPort: 7778
- selector:
- app: "confluent-operator"
- app.kubernetes.io/name: "confluent-operator"
- type: ClusterIP
-
diff --git a/kustomize/base/operator/resources/serviceaccount.yaml b/kustomize/base/operator/resources/serviceaccount.yaml
deleted file mode 100644
index cf95403..0000000
--- a/kustomize/base/operator/resources/serviceaccount.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: v1
-imagePullSecrets:
-- name: "confluent-registry"
-kind: ServiceAccount
-metadata:
- labels:
- app: "confluent-for-kubernetes"
- app.kubernetes.io/name: "confluent-for-kubernetes"
- app.kubernetes.io/instance: "confluent"
- app.kubernetes.io/managed-by: "Helm"
- app.kubernetes.io/component: "confluent-operator"
- helm.sh/chart: "confluent-for-kubernetes-0.174.6"
- name: confluent-for-kubernetes
-
diff --git a/kustomize/base/rolebindings/connect/connect-base.yaml b/kustomize/base/rolebindings/connect/connect-base.yaml
deleted file mode 100644
index 0dfc382..0000000
--- a/kustomize/base/rolebindings/connect/connect-base.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: connect-cluster-base
-spec:
- clustersScopeByIds:
- connectClusterId: confluent.connect
- principal:
- name: connect
- type: user
- role: SecurityAdmin
----
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: connect-resources-base
-spec:
- principal:
- name: connect
- type: user
- resourcePatterns:
- - name: confluent.connect
- patternType: LITERAL
- resourceType: Group
- - name: confluent.connect-
- patternType: PREFIXED
- resourceType: Topic
- role: ResourceOwner
----
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: connect-monitoring-base
-spec:
- principal:
- name: connect
- type: user
- resourcePatterns:
- - name: _confluent-monitoring
- patternType: PREFIXED
- resourceType: Topic
- role: DeveloperWrite
-
-
diff --git a/kustomize/base/rolebindings/connect/connect-groups.yaml b/kustomize/base/rolebindings/connect/connect-groups.yaml
deleted file mode 100644
index c62b7b5..0000000
--- a/kustomize/base/rolebindings/connect/connect-groups.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: connect-groups
-spec:
- principal:
- name: connect
- type: user
- resourcePatterns:
- - name: connect-cluster
- patternType: LITERAL
- resourceType: Group
- - name: connect-secrets
- patternType: LITERAL
- resourceType: Group
- role: ResourceOwner
diff --git a/kustomize/base/rolebindings/connect/connect-topics.yaml b/kustomize/base/rolebindings/connect/connect-topics.yaml
deleted file mode 100644
index 316544e..0000000
--- a/kustomize/base/rolebindings/connect/connect-topics.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: connect-topics
-spec:
- principal:
- name: connect
- type: user
- resourcePatterns:
- - name: _confluent-connect-secrets
- patternType: LITERAL
- resourceType: Topic
- - name: _confluent-connect-status
- patternType: LITERAL
- resourceType: Topic
- - name: _confluent-connect-offsets
- patternType: LITERAL
- resourceType: Topic
- - name: _confluent-connect-configs
- patternType: LITERAL
- resourceType: Topic
- - name: confluent.connect-
- patternType: PREFIXED
- resourceType: Topic
- role: ResourceOwner
diff --git a/kustomize/base/rolebindings/connect/kustomization.yaml b/kustomize/base/rolebindings/connect/kustomization.yaml
deleted file mode 100644
index 6275c8d..0000000
--- a/kustomize/base/rolebindings/connect/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: confluent
-resources:
- - connect-base.yaml
- - connect-groups.yaml
- - connect-topics.yaml
diff --git a/kustomize/base/rolebindings/controlcenter/controlcentre-base.yaml b/kustomize/base/rolebindings/controlcenter/controlcentre-base.yaml
deleted file mode 100644
index 64a4063..0000000
--- a/kustomize/base/rolebindings/controlcenter/controlcentre-base.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: control-centre-base
-spec:
- principal:
- name: ccc
- type: user
- role: SystemAdmin
diff --git a/kustomize/base/rolebindings/controlcenter/controlcentre-clusters.yaml b/kustomize/base/rolebindings/controlcenter/controlcentre-clusters.yaml
deleted file mode 100644
index 600571f..0000000
--- a/kustomize/base/rolebindings/controlcenter/controlcentre-clusters.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: control-centre-cluster-registry
-spec:
- clustersScopeByIds:
- schemaRegistryClusterId: schema-registry
- principal:
- name: ccc
- type: user
- role: SystemAdmin
----
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: control-centre-cluster-connect
-spec:
- clustersScopeByIds:
- connectClusterId: confluent.connect
- principal:
- name: ccc
- type: user
- role: SystemAdmin
----
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: control-centre-cluster-ksqldb
-spec:
- clustersScopeByIds:
- ksqlClusterId: ksqldb-cluster
- principal:
- name: ccc
- type: user
- role: SystemAdmin
diff --git a/kustomize/base/rolebindings/controlcenter/kustomization.yaml b/kustomize/base/rolebindings/controlcenter/kustomization.yaml
deleted file mode 100644
index 5b6c76f..0000000
--- a/kustomize/base/rolebindings/controlcenter/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: confluent
-resources:
- - controlcentre-base.yaml
- - controlcentre-clusters.yaml
\ No newline at end of file
diff --git a/kustomize/base/rolebindings/ksqldb/ksqldb-base.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-base.yaml
deleted file mode 100644
index bc777a6..0000000
--- a/kustomize/base/rolebindings/ksqldb/ksqldb-base.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: ksqldb-cluster-base
-spec:
- clustersScopeByIds:
- ksqlClusterId: confluent.ksqldb_
- principal:
- name: ksql
- type: user
- resourcePatterns:
- - name: ksql-cluster
- patternType: LITERAL
- resourceType: KsqlCluster
- role: ResourceOwner
----
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: ksqldb-cluster-resources-base
-spec:
- principal:
- name: ksql
- type: user
- resourcePatterns:
- - name: _confluent-ksql-confluent.ksqldb_
- patternType: PREFIXED
- resourceType: Topic
- role: ResourceOwner
diff --git a/kustomize/base/rolebindings/ksqldb/ksqldb-cluster.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-cluster.yaml
deleted file mode 100644
index ce34f3f..0000000
--- a/kustomize/base/rolebindings/ksqldb/ksqldb-cluster.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: ksqldb-cluster
-spec:
- clustersScopeByIds:
- kafkaClusterId: qrGPK1LPTaa1s9d5D4V1rw
- principal:
- name: ksql
- type: user
- resourcePatterns:
- - name: kafka-cluster
- resourceType: Cluster
- role: DeveloperWrite
\ No newline at end of file
diff --git a/kustomize/base/rolebindings/ksqldb/ksqldb-groups.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-groups.yaml
deleted file mode 100644
index 04083cd..0000000
--- a/kustomize/base/rolebindings/ksqldb/ksqldb-groups.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: ksqldb-cluster-groups
-spec:
- principal:
- name: ksql
- type: user
- resourcePatterns:
- - name: _confluent-ksql-ksqldb-cluster
- patternType: PREFIXED
- resourceType: Group
- role: ResourceOwner
diff --git a/kustomize/base/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml
deleted file mode 100644
index 63e70dc..0000000
--- a/kustomize/base/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: ksqldb-cluster-ksqlcluster
-spec:
- clustersScopeByIds:
- ksqlClusterId: confluent.ksqldb_
- principal:
- name: ksql
- type: user
- resourcePatterns:
- - name: ksql-cluster
- patternType: LITERAL
- resourceType: KsqlCluster
- role: ResourceOwner
----
diff --git a/kustomize/base/rolebindings/ksqldb/ksqldb-topics.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-topics.yaml
deleted file mode 100644
index 0ba6994..0000000
--- a/kustomize/base/rolebindings/ksqldb/ksqldb-topics.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: ksqldb-cluster-topics
-spec:
- principal:
- name: ksql
- type: user
- resourcePatterns:
- - name: _confluent-ksql-confluent.ksqldb_
- patternType: PREFIXED
- resourceType: Topic
- - name: _confluent-ksql-ksqldb-cluster_command_topic
- patternType: PREFIXED
- resourceType: Topic
- - name: ksqldb-clusterksql_processing_log
- patternType: PREFIXED
- resourceType: Topic
- role: ResourceOwner
diff --git a/kustomize/base/rolebindings/ksqldb/ksqldb-transaction.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-transaction.yaml
deleted file mode 100644
index 0e7910b..0000000
--- a/kustomize/base/rolebindings/ksqldb/ksqldb-transaction.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: ksqldb-cluster-transaction
-spec:
- principal:
- name: ksql
- type: user
- resourcePatterns:
- - name: ksqldb-cluster
- patternType: PREFIXED
- resourceType: TransactionalId
- role: ResourceOwner
diff --git a/kustomize/base/rolebindings/ksqldb/kustomization.yaml b/kustomize/base/rolebindings/ksqldb/kustomization.yaml
deleted file mode 100644
index 3d026df..0000000
--- a/kustomize/base/rolebindings/ksqldb/kustomization.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: confluent
-resources:
- - ksqldb-base.yaml
- - ksqldb-cluster.yaml
- - ksqldb-groups.yaml
- - ksqldb-ksqlcluster.yaml
- - ksqldb-topics.yaml
- - ksqldb-transaction.yaml
\ No newline at end of file
diff --git a/kustomize/base/rolebindings/kustomization.yaml b/kustomize/base/rolebindings/kustomization.yaml
deleted file mode 100644
index c00c807..0000000
--- a/kustomize/base/rolebindings/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: confluent
-resources:
- - ldap
- - controlcenter
- - connect
- - ksqldb
- - schemaregistry
\ No newline at end of file
diff --git a/kustomize/base/rolebindings/ldap/groups/kustomization.yaml b/kustomize/base/rolebindings/ldap/groups/kustomization.yaml
deleted file mode 100644
index 3ced4b9..0000000
--- a/kustomize/base/rolebindings/ldap/groups/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: confluent
-resources:
- - ldap-groups.yaml
\ No newline at end of file
diff --git a/kustomize/base/rolebindings/ldap/groups/ldap-groups.yaml b/kustomize/base/rolebindings/ldap/groups/ldap-groups.yaml
deleted file mode 100644
index 755ce6e..0000000
--- a/kustomize/base/rolebindings/ldap/groups/ldap-groups.yaml
+++ /dev/null
@@ -1,77 +0,0 @@
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: admin-groups-kafka-cluster-connect
-spec:
- clustersScopeByIds:
- connectClusterId: confluent.connect
- principal:
- name: admins
- type: group
- resourcePatterns:
- - name: "*"
- resourceType: Connector
- role: ResourceOwner
----
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: admin-groups-kafka-cluster-sr
-spec:
- clustersScopeByIds:
- schemaRegistryClusterId: schema-registry
- principal:
- name: admins
- type: group
- role: SystemAdmin
----
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: admin-groups-kafka-cluster-ksql
-spec:
- clustersScopeByIds:
- ksqlClusterId: ksqldb-cluster
- principal:
- name: admins
- type: group
- role: SystemAdmin
----
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: admin-group-topics
-spec:
- principal:
- name: admins
- type: group
- resourcePatterns:
- - name: "*"
- resourceType: Topic
- role: ResourceOwner
----
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: admin-group-groups
-spec:
- principal:
- name: admins
- type: group
- resourcePatterns:
- - name: "*"
- resourceType: Group
- role: ResourceOwner
----
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: admin-group-transactionalid
-spec:
- principal:
- name: admins
- type: group
- resourcePatterns:
- - name: "*"
- resourceType: TransactionalId
- role: ResourceOwner
\ No newline at end of file
diff --git a/kustomize/base/rolebindings/ldap/kustomization.yaml b/kustomize/base/rolebindings/ldap/kustomization.yaml
deleted file mode 100644
index c860fd8..0000000
--- a/kustomize/base/rolebindings/ldap/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- - groups
- - users
\ No newline at end of file
diff --git a/kustomize/base/rolebindings/ldap/users/kustomization.yaml b/kustomize/base/rolebindings/ldap/users/kustomization.yaml
deleted file mode 100644
index 63f5568..0000000
--- a/kustomize/base/rolebindings/ldap/users/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: confluent
-resources:
- - ldap-users.yaml
\ No newline at end of file
diff --git a/kustomize/base/rolebindings/ldap/users/ldap-users.yaml b/kustomize/base/rolebindings/ldap/users/ldap-users.yaml
deleted file mode 100644
index e69de29..0000000
diff --git a/kustomize/base/rolebindings/schemaregistry/kustomization.yaml b/kustomize/base/rolebindings/schemaregistry/kustomization.yaml
deleted file mode 100644
index 9e63810..0000000
--- a/kustomize/base/rolebindings/schemaregistry/kustomization.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: confluent
-resources:
- - schemaregistry-base.yaml
- - schemaregistry-groups.yaml
- - schemaregistry-topics.yaml
\ No newline at end of file
diff --git a/kustomize/base/rolebindings/schemaregistry/schemaregistry-base.yaml b/kustomize/base/rolebindings/schemaregistry/schemaregistry-base.yaml
deleted file mode 100644
index 3a9eea6..0000000
--- a/kustomize/base/rolebindings/schemaregistry/schemaregistry-base.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: registry-base
- namespace: confluent
-spec:
- clustersScopeByIds:
- schemaRegistryClusterId: id_registry_confluent
- principal:
- name: registry
- type: user
- role: SecurityAdmin
----
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: registry-mds-client-resources-base
- namespace: confluent
-spec:
- principal:
- name: registry
- type: user
- resourcePatterns:
- - name: _confluent-license
- patternType: LITERAL
- resourceType: Topic
- - name: _schemas_schemaregistry_confluent
- patternType: LITERAL
- resourceType: Topic
- - name: id_schemaregistry_confluent
- patternType: LITERAL
- resourceType: Group
- role: ResourceOwner
\ No newline at end of file
diff --git a/kustomize/base/rolebindings/schemaregistry/schemaregistry-groups.yaml b/kustomize/base/rolebindings/schemaregistry/schemaregistry-groups.yaml
deleted file mode 100644
index 1696c23..0000000
--- a/kustomize/base/rolebindings/schemaregistry/schemaregistry-groups.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: platform.confluent.io/v1beta1
-kind: ConfluentRolebinding
-metadata:
- name: registry-groups
- namespace: confluent
-spec:
- principal:
- name: registry
- type: user
- resourcePatterns:
- - name: id_schemaregistry_confluent
- patternType: LITERAL
- resourceType: Group
- - name: schema-registry
- patternType: LITERAL
- resourceType: Group
- role: ResourceOwner
\ No newline at end of file
diff --git a/kustomize/base/rolebindings/schemaregistry/schemaregistry-topics.yaml b/kustomize/base/rolebindings/schemaregistry/schemaregistry-topics.yaml
deleted file mode 100644
index ab7d24b..0000000
--- a/kustomize/base/rolebindings/schemaregistry/schemaregistry-topics.yaml
+++ /dev/null
@@ -1,14 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: registry-topics - namespace: confluent -spec: - principal: - name: registry - type: user - resourcePatterns: - - name: _schemas - patternType: LITERAL - resourceType: Topic - role: ResourceOwner \ No newline at end of file diff --git a/kustomize/base/secrets/c3-mds-client.yaml b/kustomize/base/secrets/c3-mds-client.yaml deleted file mode 100644 index d88f450..0000000 --- a/kustomize/base/secrets/c3-mds-client.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -data: - basic.txt: dXNlcm5hbWU9YzMKcGFzc3dvcmQ9YzMtc2VjcmV0Cg== - bearer.txt: dXNlcm5hbWU9YzMKcGFzc3dvcmQ9YzMtc2VjcmV0Cg== -kind: Secret -metadata: - creationTimestamp: null - name: c3-mds-client diff --git a/kustomize/base/secrets/ca-pair.yaml b/kustomize/base/secrets/ca-pair.yaml deleted file mode 100644 index f13fa06..0000000 --- a/kustomize/base/secrets/ca-pair.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -data: - tls.crt: 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 - tls.key: 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 -kind: Secret -metadata: - name: ca-pair-sslcerts -type: kubernetes.io/tls diff --git a/kustomize/base/secrets/confluent-license.yaml b/kustomize/base/secrets/confluent-license.yaml deleted file mode 100644 index 42d6e30..0000000 --- a/kustomize/base/secrets/confluent-license.yaml +++ /dev/null 
@@ -1,7 +0,0 @@ -apiVersion: v1 -data: - license.txt: 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 - publicKey.pem: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF2YUd5OFRPZGJDTXlTTTd6cVpzeApuNjJ5dUUrQmhJUGxjOXo5Y3RyWCt0QldOQ0NKZVBaYktIVFpTOXVLTGVLVWk5dTA3dHMvMzVYUm5FNEFURDZxCmx3am5Tb0pPa2VJWGNZaUorWEdFeE4xb1JFOFJsNW90dmRtSkVzYjlZNkpzZmUybFJDQ3NaTng2azFzMU5tUUYKUjR3blJpS3lsSWlZSjl1V1VHZkgxOEpLWnFNOHo5UXFrWi8relFrekhOWXNYbi9ZeVJ1RElRWGVVU2VjaHI5MwpKanQ3OUFpa3NraWNvVDA0bHF6L0dhSHoyV0pFeXV2TExFMWpOQk9Db21LbDA1UWIreXZKbUdudC83SFg2SFQ3CjNobkNYYnNsd3R6cDBDbWVHT2lKUmJKeGJhaGtURnFoMW9LcVpYVURDWnJLQ05OUnZYcU4vUUhxbmF3bzZrSnkKOHdJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t -kind: Secret -metadata: - name: confluent-operator-licensing diff --git a/kustomize/base/secrets/connect-mds-client.yaml b/kustomize/base/secrets/connect-mds-client.yaml deleted file mode 100644 index 19f5229..0000000 --- a/kustomize/base/secrets/connect-mds-client.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -data: - bearer.txt: dXNlcm5hbWU9Y29ubmVjdApwYXNzd29yZD1jb25uZWN0LXNlY3JldAo= -kind: Secret -metadata: - name: connect-mds-client diff --git a/kustomize/base/secrets/credential.yaml b/kustomize/base/secrets/credential.yaml deleted file mode 100644 index 053a4d6..0000000 --- a/kustomize/base/secrets/credential.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -apiVersion: v1 -data: - basic.txt: YzM6IGMzLXNlY3JldCxBZG1pbmlzdHJhdG9ycwphZG1pbjogRGV2ZWxvcGVyMSxBZG1pbmlzdHJhdG9ycwphZG1pbjE6IERldmVsb3BlcjEsQWRtaW5pc3RyYXRvcnMK - digest-users.json: ewogICJrYWZrYSI6ICJrYWZrYS1zZWNyZXQiCn0K - digest.txt: dXNlcm5hbWU9ImthZmthIgpwYXNzd29yZD0ia2Fma2Etc2VjcmV0Ig== - ldap.txt: dXNlcm5hbWU9Y249bWRzLGRjPXRlc3QsZGM9Y29tCnBhc3N3b3JkPURldmVsb3BlciEK - mdsPublicKey.pem: 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 - mdsTokenKeyPair.pem: 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 - plain-users.json: ewogICJrYWZrYV9jbGllbnQiOiAia2Fma2FfY2xpZW50LXNlY3JldCIsCiAgImMzIjogImMzLXNlY3JldCIsCiAgImthZmthIjogImthZmthLXNlY3JldCIKfQ== - plain.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== -kind: Secret -metadata: - creationTimestamp: null - name: credential diff --git a/kustomize/base/secrets/ksqldb-mds-client.yaml b/kustomize/base/secrets/ksqldb-mds-client.yaml deleted file mode 100644 index 6a053fc..0000000 --- a/kustomize/base/secrets/ksqldb-mds-client.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -data: - bearer.txt: dXNlcm5hbWU9a3NxbApwYXNzd29yZD1rc3FsLXNlY3JldAo= -kind: Secret -metadata: - creationTimestamp: null - name: ksqldb-mds-client diff --git a/kustomize/base/secrets/kustomization.yaml b/kustomize/base/secrets/kustomization.yaml deleted file mode 100644 index 5f21d00..0000000 --- a/kustomize/base/secrets/kustomization.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ca-pair.yaml - - c3-mds-client.yaml - - confluent-license.yaml - - connect-mds-client.yaml - - credential.yaml - - ksqldb-mds-client.yaml - - mds-client.yaml - - mds-token.yaml - - rest-credential.yaml - - sr-mds-client.yaml \ No newline at end of file diff --git a/kustomize/base/secrets/mds-client.yaml b/kustomize/base/secrets/mds-client.yaml deleted file mode 100644 index 24de26d..0000000 --- a/kustomize/base/secrets/mds-client.yaml +++ /dev/null 
@@ -1,7 +0,0 @@ -apiVersion: v1 -data: - bearer.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== -kind: Secret -metadata: - creationTimestamp: null - name: mds-client diff --git a/kustomize/base/secrets/mds-token.yaml b/kustomize/base/secrets/mds-token.yaml deleted file mode 100644 index ae87e43..0000000 --- a/kustomize/base/secrets/mds-token.yaml +++ /dev/null 
@@ -1,8 +0,0 @@ -apiVersion: v1 -data: - mdsPublicKey.pem: 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 - mdsTokenKeyPair.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBd015am5QNHFmZFRLaENTNXNQYlZxaVhWeVExNXdyZVZBc0VxRXNuTUZ0Mkp0TUwxCjNFTE9RMnN6V241N1d6dTc4MmJ5RXRZRmxGM1RvVlczY2w0ZE9KUnphU0VRNnhlMTBSL2k3VG5lSXRFUWZwSnIKLzJMNGJ1YnVRUkdOZS9LckxNRTBpdnI5dTRJRWJiUlMrbHR1NkE5Z2d6R2NhRFN4Vi9leUtNTlBhZEhRL0FONApCWmlqQWVLWmNEVGp6NmJIako2RVEzWU5ncXluODQ2cmVRazlUb0habDhiR0hPaHo1Qzd5b0lmc3haZ1lIbG54CjZKR3NpVVo1UDM2V0djMzhaSUIvbTQ1bzhjdjRpZlVWUFVCMElRUTlBaFlJNVp1TXJ4RHNSUERYMkdHNkU1YlcKMnZxRFd5cVhPWTdjU29JN0Fpa0Zkd0FUVzRSdjdldUVKVXl6TndJREFRQUJBb0lCQVFDS3pJaFpoSTE0cTFIawprai93eTdNRTNGb3RkUHNjbUdlNVpQRHlONzhyRXZDSlp2WHpUVkVMTGtqNU5DZUFoZCtJbXF0WnJpUzBMRndvClFQcGhacW5veXM3UGQ1T2pmQjFUNFgzUVJTSEx0UEVIL2tlcncwZVJKOFdNcUtOUUFXTUVSRStjWXBkNmYxN0sKejlBUkZ2UWdNcm5MbVZLOW5ubXlGOHQyRnkyN3dxVVZCbVlYWC9tK25lLysyUzRQTzhac1BkM3dZMlk5UjhMVgp1ZmJIQytIMkV4QThuRTR6dGVmZzl6UHluMXdNaS9HTVVnMVdpQ1QzQjJ1M0Nac1dhWkp6Vkl0VDZ0N3FuQVpKClh6a2dOcElIbjltV3V3aDhreGdNZDZzeERSQU9ENWlQZDZhOWkwb0xTYVMzLzBMRGV6VUxDMFZoVFB5M0cyb1IKQTBBSmVPblJBb0dCQVBWMXV6MXBQSkF0ZW1yOHdMaUtoUU9lOGpBc3h0blN6VjhGcWQxMXFKWWduaWh3YWkrWQprNDRoT0ovMDIvNnd5cTQ5RmhNR21reUZXdjVkVURFUkdWN01jWFA2YkVmWTVjMVArUGRSVUFtNUg1bmVmMzd6Ck5SOWY3b2lmVjNqKzQ5dXkyVmZVUUNyL2grVCt5d3pBb2MwaVp5WUdhSTF3aktYUXIzKzFvNTV2QW9HQkFNa1UKQnEySWFJRHdvbUJnUUNLUWpDeS9BTmpRMzJ5TUFHSGYvbUUzMlJURnB1NVNaRUxlOXlyR1FyM3hIRnRROWFRTApWdjVQMDl3WmZiNElPZHAvM3d3SE1xRmpOak5kRzhzdzdSeU5TK3dmUUd1OHYxR2ZZc3N1QnVYaTl2MFhHWEZICldlbk5RRVVQYmliUmJvY0o5Mk9KVEpLNFAvczV2djEzMkhEUi9wdTVBb0dCQUorWThTbTQ1endIbGZWQ2FqeVQKTkhGcVE2YTNOb1FpNEkzTUxPcGx1andDOFZMeDVOa1ZwN3RlTm1jcTJtLzdtNDAzQXNkVUg3ZHBiZ1M5djRwbgp4OHN2dXdUaDZzMjhaWTdkVk0vWit1U1hqY2lLTnZQZ1JzWWpwZ0VIT2VUZU5tRi9KSHBLODM0QnIrWmhGTDB4Cjh3SmlRQmNsUzQzTGhHZThES0JKQmgzWkFvR0FONWJIdWRYS1BrdElPS2lqVW1ydnRiY2dQdENQMCt4b2RxWjgKSnRoUHRVUm5QOStiUkRscnozRjhKaEt3S2phWmtqNW9VR28xUWRYeVEwVDI2WWNNWE1Eb3FHRkxMS3dDOFF1WApv
WnNXY0RLN2xvMVp2dkQzV1FCaWU4OWhSTnJMOTlzbjZsRUtBWTJnZ0M3S0JaOGx1MmpMdUl3amRBcWsyR0gzCmZra3Z3RkVDZ1lBeVhqNXo2Q09QSURKMUUxVkxySml3MVlCWGFhN1pMazVFcHczUXZDTTdoVEtTRmJ1U053c3AKRXVMbU03Zzh3TVBaQWJ6cy9SUU9hZjlJaEUveDUzZE8ySW1rNVBBUmFvRXNTRmpORDRkcFZIYUtlbTJjQm9tdAp4NXEwU3FVVnE2eHY0MjIxM2dsQlFNREo0cVFYVHJzRUJkcE55bnY3b1ZlWFh3Y2FPVFVhQnc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ== -kind: Secret -metadata: - creationTimestamp: null - name: mds-token diff --git a/kustomize/base/secrets/rest-credential.yaml b/kustomize/base/secrets/rest-credential.yaml deleted file mode 100644 index f7901ac..0000000 --- a/kustomize/base/secrets/rest-credential.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -data: - basic.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== - bearer.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== - plain.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== -kind: Secret -metadata: - creationTimestamp: null - name: rest-credential diff --git a/kustomize/base/secrets/sr-mds-client.yaml b/kustomize/base/secrets/sr-mds-client.yaml deleted file mode 100644 index fb57182..0000000 --- a/kustomize/base/secrets/sr-mds-client.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -data: - bearer.txt: dXNlcm5hbWU9c3IKcGFzc3dvcmQ9c3Itc2VjcmV0Cg== -kind: Secret -metadata: - creationTimestamp: null - name: sr-mds-client diff --git a/kustomize/base/topics/example-topic.yaml b/kustomize/base/topics/example-topic.yaml deleted file mode 100644 index 6e62221..0000000 --- a/kustomize/base/topics/example-topic.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: KafkaTopic -metadata: - name: foobar -spec: - replicas: 1 - partitionCount: 6 diff --git a/kustomize/base/topics/kustomization.yaml b/kustomize/base/topics/kustomization.yaml deleted file mode 100644 index dc31c2e..0000000 --- a/kustomize/base/topics/kustomization.yaml +++ /dev/null 
@@ -1,4 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - example-topic.yaml diff --git a/kustomize/environments/dev/kafka.yaml b/kustomize/environments/dev/kafka.yaml deleted file mode 100644 index 5179afb..0000000 --- a/kustomize/environments/dev/kafka.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: Kafka -metadata: - name: kafka -spec: - dependencies: - zookeeper: - endpoint: zookeeper.dev.svc.cluster.local:2182 - metricReporter: - bootstrapEndpoint: kafka.dev.svc.cluster.local:9071 diff --git a/kustomize/environments/kustomization.yaml b/kustomize/environments/kustomization.yaml index f847377..481ee6d 100644 --- a/kustomize/environments/kustomization.yaml +++ b/kustomize/environments/kustomization.yaml @@ -1,3 +1,2 @@ resources: -- dev -- production +- sandbox diff --git a/kustomize/environments/production/control-centre.yaml b/kustomize/environments/production/control-centre.yaml deleted file mode 100644 index 9a3a67e..0000000 --- a/kustomize/environments/production/control-centre.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ControlCenter -metadata: - name: controlcenter -spec: - tls: - secretRef: tls-group1 - dependencies: - kafka: - bootstrapEndpoint: kafka.production.svc.cluster.local:9071 - mds: - endpoint: https://kafka.production.svc.cluster.local:8090 - connect: - - name: connect - url: https://connect.production.svc.cluster.local:8083 - ksqldb: - - name: ksqldb - url: https://ksqldb.production.svc.cluster.local:8088 - schemaRegistry: - url: https://registry.production.svc.cluster.local:8081 diff --git a/kustomize/environments/production/example-topic.yaml b/kustomize/environments/production/example-topic.yaml deleted file mode 100644 index e7460c7..0000000 --- a/kustomize/environments/production/example-topic.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: KafkaTopic -metadata: - name: foobar -spec: - kafkaClusterRef: - name: kafka - namespace: production - kafkaRest: - authentication: - type: bearer - bearer: - secretRef: mds-client - endpoint: https://kafka.production.svc.cluster.local:8090 diff --git a/kustomize/environments/production/kafka-connect.yaml b/kustomize/environments/production/kafka-connect.yaml deleted file mode 100644 index 40bc5ac..0000000 --- a/kustomize/environments/production/kafka-connect.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: Connect -metadata: - name: connect -spec: - tls: - secretRef: tls-group1 - dependencies: - kafka: - bootstrapEndpoint: kafka.production.svc.cluster.local:9071 - mds: - endpoint: https://kafka.production.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/production/kafka.yaml b/kustomize/environments/production/kafka.yaml deleted file mode 100644 index 94684b0..0000000 --- a/kustomize/environments/production/kafka.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: Kafka -metadata: - name: kafka -spec: - tls: - secretRef: tls-group1 - dependencies: - zookeeper: - endpoint: zookeeper.production.svc.cluster.local:2182 - metricReporter: - bootstrapEndpoint: kafka.production.svc.cluster.local:9071 diff --git a/kustomize/environments/production/ksqldb.yaml b/kustomize/environments/production/ksqldb.yaml deleted file mode 100644 index d80f4cb..0000000 --- a/kustomize/environments/production/ksqldb.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: KsqlDB -metadata: - name: ksqldb -spec: - tls: - secretRef: tls-group1 - dependencies: - kafka: - bootstrapEndpoint: kafka.production.svc.cluster.local:9071 - mds: - endpoint: https://kafka.production.svc.cluster.local:8090 
diff --git a/kustomize/environments/production/kustomization.yaml b/kustomize/environments/production/kustomization.yaml deleted file mode 100644 index c91af77..0000000 --- a/kustomize/environments/production/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -namespace: production -resources: -- ../../base -patchesStrategicMerge: - - control-centre.yaml - - kafka.yaml - - kafka-connect.yaml - - ksqldb.yaml - - schema-registry.yaml - - example-topic.yaml diff --git a/kustomize/environments/production/schema-registry.yaml b/kustomize/environments/production/schema-registry.yaml deleted file mode 100644 index afea6b4..0000000 --- a/kustomize/environments/production/schema-registry.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: SchemaRegistry -metadata: - name: registry -spec: - tls: - secretRef: tls-group1 - configOverrides: - server: - - confluent.schema.registry.anonymous.principal=true - - authentication.skip.paths=/* - dependencies: - kafka: - bootstrapEndpoint: kafka.production.svc.cluster.local:9071 - mds: - endpoint: https://kafka.production.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/dev/control-centre.yaml b/kustomize/environments/sandbox/control-centre.yaml similarity index 53% rename from kustomize/environments/dev/control-centre.yaml rename to kustomize/environments/sandbox/control-centre.yaml index 0fbd39b..0924182 100644 --- a/kustomize/environments/dev/control-centre.yaml +++ b/kustomize/environments/sandbox/control-centre.yaml @@ -6,6 +6,6 @@ metadata: spec: dependencies: kafka: - bootstrapEndpoint: kafka.dev.svc.cluster.local:9071 + bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 mds: - endpoint: https://kafka.dev.svc.cluster.local:8090 \ No newline at end of file + endpoint: https://kafka.sandbox.svc.cluster.local:8090 \ No newline at end of file 
diff --git a/kustomize/environments/dev/kafka-connect.yaml b/kustomize/environments/sandbox/kafka-connect.yaml similarity index 51% rename from kustomize/environments/dev/kafka-connect.yaml rename to kustomize/environments/sandbox/kafka-connect.yaml index ed69f20..282783f 100644 --- a/kustomize/environments/dev/kafka-connect.yaml +++ b/kustomize/environments/sandbox/kafka-connect.yaml @@ -6,6 +6,6 @@ metadata: spec: dependencies: kafka: - bootstrapEndpoint: kafka.dev.svc.cluster.local:9071 + bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 mds: - endpoint: https://kafka.dev.svc.cluster.local:8090 \ No newline at end of file + endpoint: https://kafka.sandbox.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/sandbox/kafka.yaml b/kustomize/environments/sandbox/kafka.yaml new file mode 100644 index 0000000..29a9098 --- /dev/null +++ b/kustomize/environments/sandbox/kafka.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: Kafka +metadata: + name: kafka +spec: + configOverrides: + server: + - confluent.schema.registry.url=registry.sandbox.svc.cluster.local:8081 + dependencies: + zookeeper: + endpoint: zookeeper.sandbox.svc.cluster.local:2182 + metricReporter: + bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 diff --git a/kustomize/environments/dev/ksqldb.yaml b/kustomize/environments/sandbox/ksqldb.yaml similarity index 50% rename from kustomize/environments/dev/ksqldb.yaml rename to kustomize/environments/sandbox/ksqldb.yaml index 87ed05d..051d287 100644 --- a/kustomize/environments/dev/ksqldb.yaml +++ b/kustomize/environments/sandbox/ksqldb.yaml @@ -6,6 +6,6 @@ metadata: spec: dependencies: kafka: - bootstrapEndpoint: kafka.dev.svc.cluster.local:9071 + bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 mds: - endpoint: https://kafka.dev.svc.cluster.local:8090 + endpoint: https://kafka.sandbox.svc.cluster.local:8090 
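Review bot: The `confluent.schema.registry.url` override in the new sandbox/kafka.yaml is a bare `host:port`, while every other endpoint in the sandbox overlay is written as a full `https://` URL; the setting expects a URL, so this should read `- confluent.schema.registry.url=https://registry.sandbox.svc.cluster.local:8081`. Whether `https` is the right scheme depends on Schema Registry serving TLS in sandbox, which these hunks do not show. The new Kafka spec also carries no `tls.secretRef`, unlike the production overlay this commit deletes. If that is deliberate for a sandbox, a short comment in the file saying so would stop it being copied into a real environment unchanged.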
diff --git a/kustomize/environments/dev/kustomization.yaml b/kustomize/environments/sandbox/kustomization.yaml similarity index 100% rename from kustomize/environments/dev/kustomization.yaml rename to kustomize/environments/sandbox/kustomization.yaml diff --git a/kustomize/environments/dev/schema-registry.yaml b/kustomize/environments/sandbox/schema-registry.yaml similarity index 52% rename from kustomize/environments/dev/schema-registry.yaml rename to kustomize/environments/sandbox/schema-registry.yaml index 38942b2..9cec2da 100644 --- a/kustomize/environments/dev/schema-registry.yaml +++ b/kustomize/environments/sandbox/schema-registry.yaml @@ -6,6 +6,6 @@ metadata: spec: dependencies: kafka: - bootstrapEndpoint: kafka.dev.svc.cluster.local:9071 + bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 mds: - endpoint: https://kafka.dev.svc.cluster.local:8090 \ No newline at end of file + endpoint: https://kafka.sandbox.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/infrastructure/confluent-operator-credentials.yaml b/kustomize/infrastructure/confluent-operator-credentials.yaml deleted file mode 100644 index c366c6e..0000000 --- a/kustomize/infrastructure/confluent-operator-credentials.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1beta1 -kind: HelmRepository -metadata: - name: confluent-private - namespace: flux-system -spec: - url: https://packages.confluent.io/helm - interval: 1m diff --git a/kustomize/infrastructure/confluent-operator-helm-release-confluent.yaml b/kustomize/infrastructure/confluent-operator-helm-release-confluent.yaml index 6d2989f..36dc3b6 100644 --- a/kustomize/infrastructure/confluent-operator-helm-release-confluent.yaml +++ b/kustomize/infrastructure/confluent-operator-helm-release-confluent.yaml 
@@ -2,18 +2,17 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: confluent - namespace: confluent + namespace: sandbox spec: interval: 1m chart: spec: chart: confluent-for-kubernetes sourceRef: + name: confluent-for-kubernetes kind: HelmRepository - name: confluent-private namespace: flux-system values: image: registry: docker.io - rbac: true name: confluent-operator-global \ No newline at end of file diff --git a/kustomize/infrastructure/confluent-operator-helm-release-dev.yaml b/kustomize/infrastructure/confluent-operator-helm-release-dev.yaml deleted file mode 100644 index de8b74f..0000000 --- a/kustomize/infrastructure/confluent-operator-helm-release-dev.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: confluent - namespace: dev -spec: - interval: 1m - chart: - spec: - chart: confluent-for-kubernetes - sourceRef: - kind: HelmRepository - name: confluent-private - namespace: flux-system - values: - image: - registry: docker.io \ No newline at end of file diff --git a/kustomize/infrastructure/confluent-operator-helm-release-production.yaml b/kustomize/infrastructure/confluent-operator-helm-release-production.yaml deleted file mode 100644 index 3f16b0c..0000000 --- a/kustomize/infrastructure/confluent-operator-helm-release-production.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: confluent - namespace: production -spec: - interval: 1m - chart: - spec: - chart: confluent-for-kubernetes - sourceRef: - kind: HelmRepository - name: confluent-private - namespace: flux-system - values: - image: - registry: docker.io - name: confluent-operator-global - rbac: true - namespaced: true - namespaceList: ["dev", "production", "confluent"] diff --git a/kustomize/infrastructure/kustomization.yaml b/kustomize/infrastructure/kustomization.yaml index ffd02fd..2b7b859 100644 
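Review bot: `sourceRef.name: confluent-for-kubernetes` in confluent-operator-helm-release-confluent.yaml points at a HelmRepository that nothing visible in this patch creates. The only HelmRepository shown is `confluent-private`, which this commit deletes, and the new infrastructure/kustomization.yaml lists only this HelmRelease and namespaces.yaml. Unless that object is defined elsewhere, the release cannot resolve its chart. The chart reference also has no `version:`, so with `interval: 1m` Flux will roll the operator to whatever the upstream repository publishes next; pin it under `chart.spec`, e.g. `version: "<CHART_VERSION>"`. The removal of `rbac: true` changes who creates the operator's roles and deserves a sentence in the commit message.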
--- a/kustomize/infrastructure/kustomization.yaml +++ b/kustomize/infrastructure/kustomization.yaml @@ -1,10 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - namespaces.yaml - - proxy.yaml - - ldap.yaml -# - confluent-operator-credentials.yaml -# - confluent-operator-helm-release-dev.yaml -# - confluent-operator-helm-release-production.yaml -# - confluent-operator-helm-release-confluent.yaml \ No newline at end of file + - confluent-operator-helm-release-confluent.yaml + - namespaces.yaml \ No newline at end of file diff --git a/kustomize/infrastructure/ldap.yaml b/kustomize/infrastructure/ldap.yaml deleted file mode 100644 index b9b9485..0000000 --- a/kustomize/infrastructure/ldap.yaml +++ /dev/null 
@@ -1,149 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: ldap - namespace: tools - labels: - role: ldap - app: ldap -spec: - containers: - - name: ldap - args: - - --copy-service - - --loglevel=debug - image: osixia/openldap:1.4.0 - ports: - - name: ldap - containerPort: 389 - - name: ldaps - containerPort: 636 - livenessProbe: - tcpSocket: - port: 389 - initialDelaySeconds: 15 - periodSeconds: 20 - env: - - name: LDAP_ORGANISATION - value: "Test Inc" - - name: LDAP_DOMAIN - value: "test.com" - - name: LDAP_BASE_DN - value: "dc=test,dc=com" - - name: LDAP_ADMIN_PASSWORD - value: "confluentrox" - - name: LDAP_CONFIG_PASSWORD - value: "confluentconfigrox" - - name: KEEP_EXISTING_CONFIG - value: "False" - - name: LDAP_REMOVE_CONFIG_AFTER_SETUP - value: "True" - - name: LDAP_READONLY_USER - value: "True" - - name: LDAP_READONLY_USER_USERNAME - value: "mds" - - name: LDAP_READONLY_USER_PASSWORD - value: "Developer!" - - name: LDAP_TLS - value: "False" - volumeMounts: - - mountPath: /container/service/slapd/assets/config/bootstrap/ldif/custom - name: customldif - - mountPath: /var/lib/ldap - name: ldap-data - - mountPath: /etc/ldap/slapd.d - name: ldap-config - volumes: - - name: customldif - configMap: - defaultMode: 420 - name: ldap-ldifs - - name: ldap-data - emptyDir: {} - - name: ldap-config - emptyDir: {} - - restartPolicy: Always ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: ldap-ldifs - namespace: tools -data: - kafka.ldif: |- - dn: cn=kafka,dc=test,dc=com - userPassword: kafka-secret - description: kafka user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: kafka - erp.ldif: |- - dn: cn=erp,dc=test,dc=com - userPassword: erp-secret - description: erp user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: erp - sr.ldif: |- - dn: cn=sr,dc=test,dc=com - userPassword: sr-secret - description: schema registry user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: sr - 
c3.ldif: |- - dn: cn=c3,dc=test,dc=com - userPassword: c3-secret - description: control center user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: c3 - ksql.ldif: |- - dn: cn=ksql,dc=test,dc=com - userPassword: ksql-secret - description: ksql user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: ksql - connect.ldif: |- - dn: cn=connect,dc=test,dc=com - userPassword: connect-secret - description: connect user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: connect - replicator.ldif: |- - dn: cn=replicator,dc=test,dc=com - userPassword: replicator-secret - description: replicator user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: replicator - c3-test.ldif: |- - dn: cn=testadmin,dc=test,dc=com - userPassword: testadmin - description: testadmin user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: testadmin ---- -apiVersion: v1 -kind: Service -metadata: - name: ldap - labels: - app: ldap - namespace: tools -spec: - ports: - - port: 389 - name: ldap - - port: 636 - name: ldaps - clusterIP: None - selector: - app: ldap - - - diff --git a/kustomize/infrastructure/namespaces.yaml b/kustomize/infrastructure/namespaces.yaml index b2edc54..723893d 100644 --- a/kustomize/infrastructure/namespaces.yaml +++ b/kustomize/infrastructure/namespaces.yaml @@ -1,22 +1,7 @@ apiVersion: v1 kind: Namespace metadata: - name: tools ---- -apiVersion: v1 -kind: Namespace -metadata: - name: dev ---- -apiVersion: v1 -kind: Namespace -metadata: - name: staging ---- -apiVersion: v1 -kind: Namespace -metadata: - name: production + name: sandbox --- apiVersion: v1 kind: Namespace diff --git a/kustomize/infrastructure/proxy.yaml b/kustomize/infrastructure/proxy.yaml deleted file mode 100644 index 5f39f80..0000000 --- a/kustomize/infrastructure/proxy.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: proxy - namespace: tools - labels: - role: proxy -spec: - containers: - - name: proxy - image: serjs/go-socks5-proxy - ports: - - name: web - containerPort: 9100 - protocol: TCP - env: - - name: PROXY_PORT - value: "9100" \ No newline at end of file diff --git a/resources/application-secrets/README.md b/resources/application-secrets/README.md deleted file mode 100644 index a5a8d30..0000000 --- a/resources/application-secrets/README.md +++ /dev/null @@ -1,2 +0,0 @@ -### Application Secrets -The script populate_secrets.sh \ No newline at end of file diff --git a/resources/application-secrets/certs/mds-publickey.txt b/resources/application-secrets/certs/mds-publickey.txt deleted file mode 100644 index fadcb74..0000000 --- a/resources/application-secrets/certs/mds-publickey.txt +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMyjnP4qfdTKhCS5sPbV -qiXVyQ15wreVAsEqEsnMFt2JtML13ELOQ2szWn57Wzu782byEtYFlF3ToVW3cl4d -OJRzaSEQ6xe10R/i7TneItEQfpJr/2L4bubuQRGNe/KrLME0ivr9u4IEbbRS+ltu -6A9ggzGcaDSxV/eyKMNPadHQ/AN4BZijAeKZcDTjz6bHjJ6EQ3YNgqyn846reQk9 -ToHZl8bGHOhz5C7yoIfsxZgYHlnx6JGsiUZ5P36WGc38ZIB/m45o8cv4ifUVPUB0 -IQQ9AhYI5ZuMrxDsRPDX2GG6E5bW2vqDWyqXOY7cSoI7AikFdwATW4Rv7euEJUyz -NwIDAQAB ------END PUBLIC KEY----- \ No newline at end of file diff --git a/resources/application-secrets/certs/mds-tokenkeypair.txt b/resources/application-secrets/certs/mds-tokenkeypair.txt deleted file mode 100644 index 5e4c415..0000000 --- a/resources/application-secrets/certs/mds-tokenkeypair.txt +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAwMyjnP4qfdTKhCS5sPbVqiXVyQ15wreVAsEqEsnMFt2JtML1 -3ELOQ2szWn57Wzu782byEtYFlF3ToVW3cl4dOJRzaSEQ6xe10R/i7TneItEQfpJr -/2L4bubuQRGNe/KrLME0ivr9u4IEbbRS+ltu6A9ggzGcaDSxV/eyKMNPadHQ/AN4 -BZijAeKZcDTjz6bHjJ6EQ3YNgqyn846reQk9ToHZl8bGHOhz5C7yoIfsxZgYHlnx -6JGsiUZ5P36WGc38ZIB/m45o8cv4ifUVPUB0IQQ9AhYI5ZuMrxDsRPDX2GG6E5bW -2vqDWyqXOY7cSoI7AikFdwATW4Rv7euEJUyzNwIDAQABAoIBAQCKzIhZhI14q1Hk -kj/wy7ME3FotdPscmGe5ZPDyN78rEvCJZvXzTVELLkj5NCeAhd+ImqtZriS0LFwo -QPphZqnoys7Pd5OjfB1T4X3QRSHLtPEH/kerw0eRJ8WMqKNQAWMERE+cYpd6f17K -z9ARFvQgMrnLmVK9nnmyF8t2Fy27wqUVBmYXX/m+ne/+2S4PO8ZsPd3wY2Y9R8LV -ufbHC+H2ExA8nE4ztefg9zPyn1wMi/GMUg1WiCT3B2u3CZsWaZJzVItT6t7qnAZJ -XzkgNpIHn9mWuwh8kxgMd6sxDRAOD5iPd6a9i0oLSaS3/0LDezULC0VhTPy3G2oR -A0AJeOnRAoGBAPV1uz1pPJAtemr8wLiKhQOe8jAsxtnSzV8Fqd11qJYgnihwai+Y -k44hOJ/02/6wyq49FhMGmkyFWv5dUDERGV7McXP6bEfY5c1P+PdRUAm5H5nef37z -NR9f7oifV3j+49uy2VfUQCr/h+T+ywzAoc0iZyYGaI1wjKXQr3+1o55vAoGBAMkU -Bq2IaIDwomBgQCKQjCy/ANjQ32yMAGHf/mE32RTFpu5SZELe9yrGQr3xHFtQ9aQL -Vv5P09wZfb4IOdp/3wwHMqFjNjNdG8sw7RyNS+wfQGu8v1GfYssuBuXi9v0XGXFH -WenNQEUPbibRbocJ92OJTJK4P/s5vv132HDR/pu5AoGBAJ+Y8Sm45zwHlfVCajyT -NHFqQ6a3NoQi4I3MLOplujwC8VLx5NkVp7teNmcq2m/7m403AsdUH7dpbgS9v4pn -x8svuwTh6s28ZY7dVM/Z+uSXjciKNvPgRsYjpgEHOeTeNmF/JHpK834Br+ZhFL0x -8wJiQBclS43LhGe8DKBJBh3ZAoGAN5bHudXKPktIOKijUmrvtbcgPtCP0+xodqZ8 -JthPtURnP9+bRDlrz3F8JhKwKjaZkj5oUGo1QdXyQ0T26YcMXMDoqGFLLKwC8QuX -oZsWcDK7lo1ZvvD3WQBie89hRNrL99sn6lEKAY2ggC7KBZ8lu2jLuIwjdAqk2GH3 -fkkvwFECgYAyXj5z6COPIDJ1E1VLrJiw1YBXaa7ZLk5Epw3QvCM7hTKSFbuSNwsp -EuLmM7g8wMPZAbzs/RQOaf9IhE/x53dO2Imk5PARaoEsSFjND4dpVHaKem2cBomt -x5q0SqUVq6xv42213glBQMDJ4qQXTrsEBdpNynv7oVeXXwcaOTUaBw== ------END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/resources/application-secrets/licensing/license-key.txt b/resources/application-secrets/licensing/license-key.txt deleted file mode 100644 index 122a234..0000000 
--- a/resources/application-secrets/licensing/license-key.txt +++ /dev/null @@ -1 +0,0 @@ -eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJvcGVyYXRvci10cmlhbCIsImV4cCI6MTYyNDQ0MzUzNSwiaWF0IjoxNjIxODUxNTM1LCJpc3MiOiJDb25mbHVlbnQiLCJzdWIiOiJjb250cm9sLWNlbnRlciJ9.kjMg_0JoA9xjnmCQqgyVADoFhyY66IJQfe3kmOL1rX2tIfrMWcGAzOyiuWayVV2CkB0M7OLYKuWrUtv7Du9G6X2gGCmwHUE7cyn0wIqfoNnYjNpFVIMjFz6PTL2hldYLBR1owisGB82D-e5NxwO76Dnvmswl50HW7nradYv2q9y5s5ALAYpMUotFciQwznTcZlGowf8I8PgN9IT_JyjPzO2JpDbc0mhrjZSNdpmySr3pTen6WhleAE4CuIwASBaaurkrFTkSe1MDVRQfxKT0jWFIv1A_jy-ZJGIrDVCz3d_xQ69H1_dmh3FKkUwDlNkvEa6wjip9T5QhGSnrMyH-Hw \ No newline at end of file diff --git a/resources/application-secrets/licensing/license-pem.txt b/resources/application-secrets/licensing/license-pem.txt deleted file mode 100644 index bdd4a81..0000000 --- a/resources/application-secrets/licensing/license-pem.txt +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvaGy8TOdbCMySM7zqZsx -n62yuE+BhIPlc9z9ctrX+tBWNCCJePZbKHTZS9uKLeKUi9u07ts/35XRnE4ATD6q -lwjnSoJOkeIXcYiJ+XGExN1oRE8Rl5otvdmJEsb9Y6Jsfe2lRCCsZNx6k1s1NmQF -R4wnRiKylIiYJ9uWUGfH18JKZqM8z9QqkZ/+zQkzHNYsXn/YyRuDIQXeUSechr93 -Jjt79AikskicoT04lqz/GaHz2WJEyuvLLE1jNBOComKl05Qb+yvJmGnt/7HX6HT7 -3hnCXbslwtzp0CmeGOiJRbJxbahkTFqh1oKqZXUDCZrKCNNRvXqN/QHqnawo6kJy -8wIDAQAB ------END PUBLIC KEY----- \ No newline at end of file diff --git a/resources/application-secrets/populate_secrets.sh b/resources/application-secrets/populate_secrets.sh deleted file mode 100755 index 3992946..0000000 --- a/resources/application-secrets/populate_secrets.sh +++ /dev/null 
@@ -1,50 +0,0 @@ -#!/bin/bash -kubectl create secret generic credential \ ---from-file=plain-users.json=./users/creds-kafka-sasl-users.json \ ---from-file=digest-users.json=./users/creds-zookeeper-sasl-digest-users.json \ ---from-file=digest.txt=./users/creds-kafka-zookeeper-credentials.txt \ ---from-file=plain.txt=./users/creds-client-kafka-sasl-user.txt \ ---from-file=basic.txt=./users/creds-control-center-users.txt \ ---from-file=ldap.txt=./users/ldap.txt \ ---from-file=mdsPublicKey.pem=./certs/mds-publickey.txt \ ---from-file=mdsTokenKeyPair.pem=./certs/mds-tokenkeypair.txt \ ---dry-run=client --output=yaml > ../../kustomize/base/secrets/credential.yaml - -kubectl create secret generic mds-token \ ---from-file=mdsPublicKey.pem=./certs/mds-publickey.txt \ ---from-file=mdsTokenKeyPair.pem=./certs/mds-tokenkeypair.txt \ ---dry-run=client --output=yaml > ../../kustomize/base/secrets/mds-token.yaml - -# Kafka RBAC credential -kubectl create secret generic mds-client \ ---from-file=bearer.txt=./users/bearer.txt \ ---dry-run=client --output=yaml > ../../kustomize/base/secrets/mds-client.yaml -# Control Center RBAC credential -kubectl create secret generic c3-mds-client \ ---from-file=bearer.txt=./users/c3-mds-client.txt \ ---from-file=basic.txt=./users/c3-mds-client.txt \ ---dry-run=client --output=yaml > ../../kustomize/base/secrets/c3-mds-client.yaml -# Connect RBAC credential -kubectl create secret generic connect-mds-client \ ---from-file=bearer.txt=./users/connect-mds-client.txt \ ---dry-run=client --output=yaml > ../../kustomize/base/secrets/connect-mds-client.yaml -# Schema Registry RBAC credential -kubectl create secret generic sr-mds-client \ ---from-file=bearer.txt=./users/sr-mds-client.txt \ ---dry-run=client --output=yaml > ../../kustomize/base/secrets/sr-mds-client.yaml -# ksqlDB RBAC credential -kubectl create secret generic ksqldb-mds-client \ ---from-file=bearer.txt=./users/ksqldb-mds-client.txt \ ---dry-run=client --output=yaml > 
../../kustomize/base/secrets/ksqldb-mds-client.yaml -# Kafka REST credential -kubectl create secret generic rest-credential \ ---from-file=bearer.txt=./users/bearer.txt \ ---from-file=basic.txt=./users/bearer.txt \ ---from-file=plain.txt=./users/bearer.txt \ ---dry-run=client --output=yaml > ../../kustomize/base/secrets/rest-credential.yaml - -# Confluent licensing -kubectl create secret generic confluent-operator-licensing \ ---from-file=license.txt=./licensing/license-key.txt \ ---from-file=publicKey.pem=./licensing/license-pem.txt \ ---dry-run=client --output=yaml > ../../kustomize/base/secrets/confluent-license.yaml \ No newline at end of file diff --git a/resources/application-secrets/users/bearer.txt b/resources/application-secrets/users/bearer.txt deleted file mode 100644 index eb2fc71..0000000 --- a/resources/application-secrets/users/bearer.txt +++ /dev/null @@ -1,2 +0,0 @@ -username=kafka -password=kafka-secret diff --git a/resources/application-secrets/users/c3-mds-client.txt b/resources/application-secrets/users/c3-mds-client.txt deleted file mode 100644 index 5a28076..0000000 --- a/resources/application-secrets/users/c3-mds-client.txt +++ /dev/null @@ -1,2 +0,0 @@ -username=c3 -password=c3-secret diff --git a/resources/application-secrets/users/connect-mds-client.txt b/resources/application-secrets/users/connect-mds-client.txt deleted file mode 100644 index ce4c7e7..0000000 --- a/resources/application-secrets/users/connect-mds-client.txt +++ /dev/null @@ -1,2 +0,0 @@ -username=connect -password=connect-secret diff --git a/resources/application-secrets/users/creds-client-kafka-sasl-user.txt b/resources/application-secrets/users/creds-client-kafka-sasl-user.txt deleted file mode 100644 index eb2fc71..0000000 --- a/resources/application-secrets/users/creds-client-kafka-sasl-user.txt +++ /dev/null @@ -1,2 +0,0 @@ -username=kafka -password=kafka-secret 
diff --git a/resources/application-secrets/users/creds-control-center-users.txt b/resources/application-secrets/users/creds-control-center-users.txt deleted file mode 100644 index 846ac30..0000000 --- a/resources/application-secrets/users/creds-control-center-users.txt +++ /dev/null @@ -1,3 +0,0 @@ -c3: c3-secret,Administrators -admin: Developer1,Administrators -admin1: Developer1,Administrators diff --git a/resources/application-secrets/users/creds-kafka-sasl-users.json b/resources/application-secrets/users/creds-kafka-sasl-users.json deleted file mode 100644 index d4537b7..0000000 --- a/resources/application-secrets/users/creds-kafka-sasl-users.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "kafka_client": "kafka_client-secret", - "c3": "c3-secret", - "kafka": "kafka-secret" -} \ No newline at end of file diff --git a/resources/application-secrets/users/creds-kafka-zookeeper-credentials.txt b/resources/application-secrets/users/creds-kafka-zookeeper-credentials.txt deleted file mode 100644 index 94e3cde..0000000 --- a/resources/application-secrets/users/creds-kafka-zookeeper-credentials.txt +++ /dev/null @@ -1,2 +0,0 @@ -username="kafka" -password="kafka-secret" \ No newline at end of file diff --git a/resources/application-secrets/users/creds-zookeeper-sasl-digest-users.json b/resources/application-secrets/users/creds-zookeeper-sasl-digest-users.json deleted file mode 100644 index 1df68af..0000000 --- a/resources/application-secrets/users/creds-zookeeper-sasl-digest-users.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "kafka": "kafka-secret" -} diff --git a/resources/application-secrets/users/ksqldb-mds-client.txt b/resources/application-secrets/users/ksqldb-mds-client.txt deleted file mode 100644 index 9e1f256..0000000 --- a/resources/application-secrets/users/ksqldb-mds-client.txt +++ /dev/null @@ -1,2 +0,0 @@ -username=ksql -password=ksql-secret 
diff --git a/resources/application-secrets/users/ldap.txt b/resources/application-secrets/users/ldap.txt deleted file mode 100644 index dfa92e7..0000000 --- a/resources/application-secrets/users/ldap.txt +++ /dev/null @@ -1,2 +0,0 @@ -username=cn=mds,dc=test,dc=com -password=Developer! diff --git a/resources/application-secrets/users/sr-mds-client.txt b/resources/application-secrets/users/sr-mds-client.txt deleted file mode 100644 index 854f639..0000000 --- a/resources/application-secrets/users/sr-mds-client.txt +++ /dev/null @@ -1,2 +0,0 @@ -username=sr -password=sr-secret diff --git a/resources/certificates/base-ca-config.json b/resources/certificates/base-ca-config.json deleted file mode 100644 index 9c9f5ac..0000000 --- a/resources/certificates/base-ca-config.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "signing": { - "default": { - "expiry": "43800h" - }, - "profiles": { - "server": { - "expiry": "43800h", - "usages": [ - "signing", - "key encipherment", - "server auth", - "client auth" - ] - }, - "client": { - "expiry": "43800h", - "usages": [ - "signing", - "key encipherment", - "client auth" - ] - } - } - } -} diff --git a/resources/certificates/base-ca-csr.json b/resources/certificates/base-ca-csr.json deleted file mode 100644 index d1eec56..0000000 --- a/resources/certificates/base-ca-csr.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "CN": "TestCA", - "key": { - "algo": "rsa", - "size": 2048 - }, - "names": [ - { - "C": "Universe", - "L": "Earth", - "O": "Acme", - "ST": "Pangea", - "OU": "MyOrg" - } - ] -} diff --git a/resources/certificates/base-server-domain.json b/resources/certificates/base-server-domain.json deleted file mode 100644 index b804d2f..0000000 --- a/resources/certificates/base-server-domain.json +++ /dev/null 
@@ -1,19 +0,0 @@ -{ - "CN": "*.svc.cluster.local", - "hosts": [ - "*.production.svc.cluster.local", - "*.zookeeper.production.svc.cluster.local", - "*.kafka.production.svc.cluster.local" - ], - "key": { - "algo": "rsa", - "size": 2048 - }, - "names": [ - { - "C": "Universe", - "ST": "Pangea", - "L": "Earth" - } - ] -} diff --git a/resources/certificates/generate_certificate.sh b/resources/certificates/generate_certificate.sh deleted file mode 100755 index ef5ccaf..0000000 --- a/resources/certificates/generate_certificate.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -cfssl gencert -initca base-ca-csr.json | cfssljson -bare ./sensitive-ca - -# Verify with this: -#openssl x509 -in sensitive-ca.pem -text -noout -cfssl gencert -ca=./sensitive-ca.pem -ca-key=./sensitive-ca-key.pem -config=./base-ca-config.json -profile=server base-server-domain.json | cfssljson -bare sensitive-server -# Verify with this: -#openssl x509 -in sensitive-server.pem -text -noout - -kubectl create namespace production -kubectl create namespace dev -kubectl create secret -n production generic tls-group1 \ - --dry-run=client \ - --from-file=fullchain.pem=./sensitive-server.pem \ - --from-file=cacerts.pem=./sensitive-ca.pem \ - --from-file=privkey.pem=./sensitive-server-key.pem -o yaml | kubectl apply -f - -kubectl create secret -n production tls ca-pair-sslcerts \ ---dry-run=client \ ---cert=sensitive-ca.pem \ ---key=sensitive-ca-key.pem -o yaml | kubectl apply -f - -kubectl create secret -n dev tls ca-pair-sslcerts \ ---dry-run=client \ ---cert=./sensitive-ca.pem \ ---key=./sensitive-ca-key.pem -o yaml | kubectl apply -f - - -md5sum sensitive-ca.pem -md5sum sensitive-server.pem \ No newline at end of file diff --git a/resources/certificates/replace_certificate.sh b/resources/certificates/replace_certificate.sh deleted file mode 100755 index 8e1a0fd..0000000 --- a/resources/certificates/replace_certificate.sh +++ /dev/null 
@@ -1,25 +0,0 @@ -#!/bin/bash -cfssl gencert -initca base-ca-csr.json | cfssljson -bare ./sensitive-ca - -# Verify with this: -#openssl x509 -in sensitive-ca.pem -text -noout -cfssl gencert -ca=./sensitive-ca.pem -ca-key=./sensitive-ca-key.pem -config=./base-ca-config.json -profile=server base-server-domain.json | cfssljson -bare sensitive-server -# Verify with this: -#openssl x509 -in sensitive-server.pem -text -noout - -kubectl create secret -n production generic tls-group1 \ - --dry-run=client \ - --from-file=fullchain.pem=./sensitive-server.pem \ - --from-file=cacerts.pem=./sensitive-ca.pem \ - --from-file=privkey.pem=./sensitive-server-key.pem -o yaml | kubectl replace -f - -kubectl create secret -n production tls ca-pair-sslcerts \ ---dry-run=client \ ---cert=sensitive-ca.pem \ ---key=sensitive-ca-key.pem -o yaml | kubectl replace -f - - -kubectl create secret -n dev tls ca-pair-sslcerts \ ---dry-run=client \ ---cert=./sensitive-ca.pem \ ---key=./sensitive-ca-key.pem -o yaml | kubectl replace -f - - -md5sum sensitive-ca.pem -md5sum sensitive-server.pem \ No newline at end of file From f99ab16aa13d6bfd316acb8a37cecfaae4b0845c Mon Sep 17 00:00:00 2001 
From: Andrew McCully Date: Thu, 1 Jul 2021 10:45:07 +0100 Subject: [PATCH 02/10] wip of cleanup --- MANUAL_PROCESS.md | 29 ++++++++----- README.md | 41 ++----------------- flux-system/git_repo.sh | 6 +++ flux-system/gotk-sync.yaml | 10 ++--- kustomize/base/confluent/control-centre.yaml | 4 -- kustomize/base/confluent/kafka-connect.yaml | 4 -- kustomize/base/confluent/kafka.yaml | 4 -- kustomize/base/confluent/ksqldb.yaml | 4 -- kustomize/base/confluent/schema-registry.yaml | 4 -- kustomize/base/kustomization.yaml | 5 +-- .../environments/sandbox/control-centre.yaml | 2 - .../environments/sandbox/kafka-connect.yaml | 2 - kustomize/environments/sandbox/ksqldb.yaml | 3 +- .../environments/sandbox/kustomization.yaml | 2 +- .../environments/sandbox/schema-registry.yaml | 2 - ...luent-operator-helm-release-confluent.yaml | 13 +++++- .../kustomization.yaml | 0 .../namespaces.yaml | 0 18 files changed, 45 insertions(+), 90 deletions(-) create mode 100755 flux-system/git_repo.sh rename kustomize/{infrastructure => operator}/confluent-operator-helm-release-confluent.yaml (55%) rename kustomize/{infrastructure => operator}/kustomization.yaml (100%) rename kustomize/{infrastructure => operator}/namespaces.yaml (100%) diff --git a/MANUAL_PROCESS.md b/MANUAL_PROCESS.md index ba07cab..72c9407 100644 --- a/MANUAL_PROCESS.md +++ b/MANUAL_PROCESS.md 
@@ -1,22 +1,29 @@ +## Forking this repository. + +In order to showcase the GitOps behaviour of the FluxCD toolkit you will require the ability to write to a repository. Fork this repository, and update line 11 of the file `./flux-system/gotk-sync.yaml` to the new https git address. Also make note of line 10 'branch'; this is the branch of the repository which Flux will monitor + ## Deploy base Flux components -* Navigate to ./flux-system -* Run `kubectl apply -f gotk-components.yaml` +### Overview +This step will install the base Flux kubernetes components onto your kubernetes cluster. To inspect what is being applied, simply look through the contents of `./flux-system/gotk-components.yaml`. You will see a mix of Custom Resource Definitions, Service Accounts, Deployments, and other various components. After application is finished, you should see the following pods running: -## Add GitHub Deploy Key -* Navigate to ./resources/git -* Generate identity, identity.pub, knownhosts file -* Add identity.pub to 'deploy keys' in github -* run git_repo.sh +* Helm-Controller + +* Kustomize Controller -[comment]: <> (## Deploy confluent-helm chart secrets) +* Notification Controller + +* Source Controller + * Monitor the logs of this pod to observe the polling FluxCD will perform on the git repository. -[comment]: <> (* Navigate to ./resources/confluent-helm) +### Deployment Process +* Navigate to `./flux-system` +* Run `kubectl apply -f gotk-components.yaml` -[comment]: <> (* Set ENV Vars) -[comment]: <> (* run `senstive_secrets.sh`) ## Deploy Flux Sync +### Overview +This next step will tell Flux what repository to monitor, and, within that repository, what kustomization files to start with. * Navigate to ./flux-system * run `kubectl apply -f gotk-sync.yaml` diff --git a/README.md b/README.md index 6d3bfde..39f9e34 100644 --- a/README.md +++ b/README.md 
@@ -2,7 +2,7 @@ For this example we assume a single clusters simulated a production environment. The end goal is to leverage Flux and Kustomize to manage [Confluent Operator for Kubernetes](https://github.com/confluentinc/operator-earlyaccess). You can extend the with another cluster while minimizing duplicated declarations. -We will configure [Flux](https://fluxcd.io/) to install, deploy and config the [Confluent Platform](https://www.confluent.io/product/confluent-platform) using their private `HelmRepository` and `HelmRelease` custom resources. +We will configure [Flux](https://fluxcd.io/) to install, deploy and config the [Confluent Platform](https://www.confluent.io/product/confluent-platform) using their `HelmRepository` and `HelmRelease` custom resources. Flux will monitor the Helm repository, and it will automatically upgrade the Helm releases to their latest chart version based on semver ranges. You may find this project helpful by simply referencing the documentation, code, and strategies for managing Kafka resources on Kubernetes. Additionally, if you just wish to operate a working example of the new Confluent operator, the following usage instructions will guide you. @@ -25,7 +25,6 @@ Install the Confluent CLI curl -sL --http1.1 https://cnfl.io/cli | sh -s -- latest ``` -Get early access by registering interest here: [Confluent Operator Early Access Registration](https://events.confluent.io/confluentoperatorearlyaccess) For this Early Access program, you will have received an API key (associated with your email address) to the Confluent JFrog Artifactory. This is required to pull down the Helm charts and Confluent Docker images. ## Repository structure 
@@ -109,46 +108,11 @@ export GITHUB_USER= export GITHUB_REPO= ``` -2. After forking and cloning the repository, navigate to the project root and verify that your production cluster folder satisfies the prerequisites with: -```sh -flux check --pre -``` - -3. Flux will now need connectivity do your cluster, ensure the correct kubectl context to your cluster and bootstrap Flux: -```sh -flux bootstrap github \ - --owner=${GITHUB_USER} \ - --repository=${GITHUB_REPO} \ - --branch=main \ - --personal \ - --path=clusters/production -``` - -```sh -flux bootstrap github \ - --owner=${GITHUB_USER} \ - --repository=${GITHUB_REPO} \ - --branch=develop-andrewmccully \ - --personal \ - --path=kustomize -``` - -4. Deploy the secrets required by the application. The secrets referenced in `./resources/populate_secrets.sh` will match up to the LDAP/LDIFs located at `./infrastructure/tools/ldap.yaml` -```sh -./resources/populate_secrets.sh -``` - -5. The source controller will be unable to pull the Helm chart or connect to the Docker registry. You now should create the following secrets using Confluent early access credentials: ```sh export USER= export APIKEY= export EMAIL= -kubectl create secret docker-registry confluent-registry -n dev \ - --docker-server=confluent-docker-internal-early-access-operator-2.jfrog.io \ - --docker-username=$USER \ - --docker-password=$APIKEY \ - --docker-email=$EMAIL && \ kubectl create secret -n flux-system generic https-credentials \ --from-literal=username=$USER \ --from-literal=password=$APIKEY @@ -156,7 +120,8 @@ kubectl create secret -n flux-system generic https-credentials \ ``` Watch for the Helm releases being installed in production cluster: -```console +``` +console $ watch flux get helmreleases --all-namespaces ``` diff --git a/flux-system/git_repo.sh b/flux-system/git_repo.sh new file mode 100755 index 0000000..fa0c801 --- /dev/null +++ b/flux-system/git_repo.sh 
@@ -0,0 +1,6 @@ +#!/bin/bash +kubectl create ns flux-system && +kubectl create secret -n flux-system generic flux-system \ +--from-file=identity=./identity \ +--from-file=identity.pub=./identity.pub \ +--from-file=known_hosts=./known_hosts \ No newline at end of file diff --git a/flux-system/gotk-sync.yaml b/flux-system/gotk-sync.yaml index cbc4614..64035fa 100644 --- a/flux-system/gotk-sync.yaml +++ b/flux-system/gotk-sync.yaml @@ -7,10 +7,8 @@ metadata: spec: interval: 1m0s ref: - branch: playground - secretRef: - name: flux-system - url: ssh://git@github.com/osodevops/kafka-gitops + branch: clean-up + url: https://github.com/osodevops/kafka-gitops.git --- apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 kind: Kustomization @@ -19,7 +17,7 @@ metadata: namespace: flux-system spec: interval: 10m0s - path: ./kustomize/infrastructure + path: ./kustomize/operator prune: true sourceRef: kind: GitRepository @@ -28,7 +26,7 @@ spec: - apiVersion: helm.toolkit.fluxcd.io/v1beta1 kind: HelmRelease name: confluent - namespace: confluent + namespace: sandbox validation: client --- apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 diff --git a/kustomize/base/confluent/control-centre.yaml b/kustomize/base/confluent/control-centre.yaml index 20d9fa3..0ad8fd6 100644 --- a/kustomize/base/confluent/control-centre.yaml +++ b/kustomize/base/confluent/control-centre.yaml @@ -25,10 +25,6 @@ spec: bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071 tls: enabled: true - mds: - endpoint: https://kafka.foobar.svc.cluster.local:8090 - tls: - enabled: true connect: - name: connect url: https://connect.foobar.svc.cluster.local:8083 diff --git a/kustomize/base/confluent/kafka-connect.yaml b/kustomize/base/confluent/kafka-connect.yaml index 5dc5ce0..baaba78 100644 --- a/kustomize/base/confluent/kafka-connect.yaml +++ b/kustomize/base/confluent/kafka-connect.yaml 
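Review bot: The first line of the new `git_repo.sh`, `kubectl create ns flux-system &&`, returns non-zero when the namespace already exists, so the `&&` skips the secret creation. The namespace probably does exist by then, since MANUAL_PROCESS.md applies `gotk-components.yaml` first. The idempotent form already used elsewhere in this repository avoids that: `kubectl create ns flux-system --dry-run=client -o yaml | kubectl apply -f -`. The script also reads the private key from `./identity` inside `flux-system/`, so add `identity` and `identity.pub` to `.gitignore` to keep the deploy key from being committed the way the RSA key removed in PATCH 01 was; that key remains in history and should be rotated. Finally, `gotk-sync.yaml` in this same commit drops `secretRef: flux-system` and moves to an https URL, so the secret created here appears to be unused: either restore the `secretRef` or remove the script.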
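Review bot: In the last `gotk-sync.yaml` hunk, the `healthChecks` entry still reads `apiVersion: helm.toolkit.fluxcd.io/v1beta1`, while the HelmRelease it points at is declared as `helm.toolkit.fluxcd.io/v2beta1` in `confluent-operator-helm-release-confluent.yaml`. Only the namespace was updated here, so the health check will likely fail to resolve the object and the Kustomization will not report ready; change the line to `- apiVersion: helm.toolkit.fluxcd.io/v2beta1`. Separately, the first hunk points the GitRepository at the work-in-progress branch `clean-up` with `prune: true` set on the Kustomization below it, so every push to that branch is applied to the cluster and can delete resources. Track a protected branch, or add commit verification on the GitRepository, before this is used outside a sandbox. The Kustomization spec continues outside the visible hunks.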
@@ -14,7 +14,3 @@ spec:
 bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071
 tls:
 enabled: true
- mds:
- endpoint: https://kafka.foobar.svc.cluster.local:8090
- tls:
- enabled: true
diff --git a/kustomize/base/confluent/kafka.yaml b/kustomize/base/confluent/kafka.yaml
index 7c3639e..5d04e56 100644
--- a/kustomize/base/confluent/kafka.yaml
+++ b/kustomize/base/confluent/kafka.yaml
@@ -10,10 +10,6 @@ spec:
 dataVolumeCapacity: 40Gi
 tls:
 autoGeneratedCerts: true
- services:
- mds:
- tls:
- enabled: true
 configOverrides:
 server:
 - confluent.schema.registry.url=registry.foobar.svc.cluster.local:8081
diff --git a/kustomize/base/confluent/ksqldb.yaml b/kustomize/base/confluent/ksqldb.yaml
index 082f940..f30747a 100644
--- a/kustomize/base/confluent/ksqldb.yaml
+++ b/kustomize/base/confluent/ksqldb.yaml
@@ -15,7 +15,3 @@ spec:
 bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071
 tls:
 enabled: true
- mds:
- endpoint: https://kafka.foobar.svc.cluster.local:8090
- tls:
- enabled: true
diff --git a/kustomize/base/confluent/schema-registry.yaml b/kustomize/base/confluent/schema-registry.yaml
index aded788..4beba5d 100644
--- a/kustomize/base/confluent/schema-registry.yaml
+++ b/kustomize/base/confluent/schema-registry.yaml
@@ -15,7 +15,3 @@ spec:
 bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071
 tls:
 enabled: true
- mds:
- endpoint: https://kafka.foobar.svc.cluster.local:8090
- tls:
- enabled: true
diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml
index 7a392bb..9509326 100644
--- a/kustomize/base/kustomization.yaml
+++ b/kustomize/base/kustomization.yaml
@@ -1,8 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
- - secrets
- - operator
 - confluent
- - rolebindings
- - topics
+
diff --git a/kustomize/environments/sandbox/control-centre.yaml b/kustomize/environments/sandbox/control-centre.yaml
index 0924182..bf03965 100644
--- a/kustomize/environments/sandbox/control-centre.yaml
+++ b/kustomize/environments/sandbox/control-centre.yaml
@@ -7,5 +7,3 @@ spec:
 dependencies:
 kafka:
 bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071
- mds:
- endpoint: https://kafka.sandbox.svc.cluster.local:8090
\ No newline at end of file
diff --git a/kustomize/environments/sandbox/kafka-connect.yaml b/kustomize/environments/sandbox/kafka-connect.yaml
index 282783f..9dd6049 100644
--- a/kustomize/environments/sandbox/kafka-connect.yaml
+++ b/kustomize/environments/sandbox/kafka-connect.yaml
@@ -7,5 +7,3 @@ spec:
 dependencies:
 kafka:
 bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071
- mds:
- endpoint: https://kafka.sandbox.svc.cluster.local:8090
\ No newline at end of file
diff --git a/kustomize/environments/sandbox/ksqldb.yaml b/kustomize/environments/sandbox/ksqldb.yaml
index 051d287..95d38e0 100644
--- a/kustomize/environments/sandbox/ksqldb.yaml
+++ b/kustomize/environments/sandbox/ksqldb.yaml
@@ -7,5 +7,4 @@ spec:
 dependencies:
 kafka:
 bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071
- mds:
- endpoint: https://kafka.sandbox.svc.cluster.local:8090
+
diff --git a/kustomize/environments/sandbox/kustomization.yaml b/kustomize/environments/sandbox/kustomization.yaml
index 370dc91..57305ff 100644
--- a/kustomize/environments/sandbox/kustomization.yaml
+++ b/kustomize/environments/sandbox/kustomization.yaml
@@ -1,4 +1,4 @@
-namespace: dev
+namespace: sandbox
 resources:
 - ../../base
 patchesStrategicMerge:
diff --git a/kustomize/environments/sandbox/schema-registry.yaml b/kustomize/environments/sandbox/schema-registry.yaml
index 9cec2da..c4fc874 100644
--- a/kustomize/environments/sandbox/schema-registry.yaml
+++ b/kustomize/environments/sandbox/schema-registry.yaml
@@ -7,5 +7,3 @@ spec:
 dependencies:
 kafka:
 bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071
- mds:
- endpoint: https://kafka.sandbox.svc.cluster.local:8090
\ No newline at end of file
diff --git a/kustomize/infrastructure/confluent-operator-helm-release-confluent.yaml b/kustomize/operator/confluent-operator-helm-release-confluent.yaml
similarity index 55%
rename from kustomize/infrastructure/confluent-operator-helm-release-confluent.yaml
rename to kustomize/operator/confluent-operator-helm-release-confluent.yaml
index 36dc3b6..b4216b9 100644
--- a/kustomize/infrastructure/confluent-operator-helm-release-confluent.yaml
+++ b/kustomize/operator/confluent-operator-helm-release-confluent.yaml
@@ -1,3 +1,12 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+ name: confluentinc
+ namespace: flux-system
+spec:
+ url: https://packages.confluent.io/helm
+ interval: 1m
+---
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
@@ -9,10 +18,10 @@ spec:
 spec:
 chart: confluent-for-kubernetes
 sourceRef:
- name: confluent-for-kubernetes
+ name: confluentinc
 kind: HelmRepository
 namespace: flux-system
 values:
 image:
 registry: docker.io
- name: confluent-operator-global
\ No newline at end of file
+ name: confluent-operator-global
diff --git a/kustomize/infrastructure/kustomization.yaml b/kustomize/operator/kustomization.yaml
similarity index 100%
rename from kustomize/infrastructure/kustomization.yaml
rename to kustomize/operator/kustomization.yaml
diff --git a/kustomize/infrastructure/namespaces.yaml b/kustomize/operator/namespaces.yaml
similarity index 100%
rename from kustomize/infrastructure/namespaces.yaml
rename to kustomize/operator/namespaces.yaml
From effab6f90c3ab96da1bbdb5458ee28b5a6c8c8d2 Mon Sep 17 00:00:00 2001
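Review bot: No `version` appears under the chart spec of the `HelmRelease` in the second hunk of `confluent-operator-helm-release-confluent.yaml`, and the added `HelmRepository` is polled every `interval: 1m`, so Flux will install whatever chart version `https://packages.confluent.io/helm` currently serves as latest. For an operator that manages the whole platform, an upstream release should reach the cluster through a reviewed commit rather than automatically; add `version: "<pinned-chart-version>"` (placeholder) next to `chart: confluent-for-kubernetes`, and consider a longer poll interval. The HelmRelease's metadata and the lines between the two hunks are not shown, so a pin elsewhere cannot be ruled out.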
From: Andrew McCully Date: Thu, 1 Jul 2021 11:04:37 +0100 Subject: [PATCH 03/10] removing TLS as we would require a CA --- MANUAL_PROCESS.md | 5 +--- flux-system/git_repo.sh | 6 ----- git_repo.sh | 6 ----- kustomize/base/confluent/control-centre.yaml | 26 +++++++++---------- kustomize/base/confluent/kafka-connect.yaml | 8 +++--- kustomize/base/confluent/kafka.yaml | 12 ++++----- kustomize/base/confluent/ksqldb.yaml | 8 +++--- kustomize/base/confluent/schema-registry.yaml | 8 +++--- kustomize/base/confluent/zookeeper.yaml | 4 +-- 9 files changed, 34 insertions(+), 49 deletions(-) delete mode 100755 flux-system/git_repo.sh delete mode 100755 git_repo.sh diff --git a/MANUAL_PROCESS.md b/MANUAL_PROCESS.md index 72c9407..5196b2b 100644 --- a/MANUAL_PROCESS.md +++ b/MANUAL_PROCESS.md @@ -7,13 +7,10 @@ In order to showcase the GitOps behaviour of the FluxCD toolkit you will require This step will install the base Flux kubernetes components onto your kubernetes cluster. To inspect what is being applied, simply look through the contents of `./flux-system/gotk-components.yaml`. You will see a mix of Custom Resource Definitions, Service Accounts, Deployments, and other various components. After application is finished, you should see the following pods running: * Helm-Controller - * Kustomize Controller - * Notification Controller - * Source Controller - * Monitor the logs of this pod to observe the polling FluxCD will perform on the git repository. + ### Deployment Process * Navigate to `./flux-system` diff --git a/flux-system/git_repo.sh b/flux-system/git_repo.sh deleted file mode 100755 index fa0c801..0000000 --- a/flux-system/git_repo.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -kubectl create ns flux-system && -kubectl create secret -n flux-system generic flux-system \ ---from-file=identity=./identity \ ---from-file=identity.pub=./identity.pub \ ---from-file=known_hosts=./known_hosts \ No newline at end of file 
diff --git a/git_repo.sh b/git_repo.sh
deleted file mode 100755
index fa0c801..0000000
--- a/git_repo.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-kubectl create ns flux-system &&
-kubectl create secret -n flux-system generic flux-system \
---from-file=identity=./identity \
---from-file=identity.pub=./identity.pub \
---from-file=known_hosts=./known_hosts
\ No newline at end of file
diff --git a/kustomize/base/confluent/control-centre.yaml b/kustomize/base/confluent/control-centre.yaml
index 0ad8fd6..01bbf48 100644
--- a/kustomize/base/confluent/control-centre.yaml
+++ b/kustomize/base/confluent/control-centre.yaml
@@ -18,24 +18,24 @@ spec:
 application: confluentinc/cp-enterprise-control-center-operator:6.1.1.0
 init: confluentinc/cp-init-container-operator:6.1.1.0
 dataVolumeCapacity: 20Gi
- tls:
- autoGeneratedCerts: true
+# tls:
+# autoGeneratedCerts: true
 dependencies:
 kafka:
 bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071
- tls:
- enabled: true
+# tls:
+# enabled: true
 connect:
 - name: connect
- url: https://connect.foobar.svc.cluster.local:8083
- tls:
- enabled: true
+ url: http://connect.foobar.svc.cluster.local:8083
+# tls:
+# enabled: true
 ksqldb:
 - name: ksqldb
- url: https://ksqldb.foobar.svc.cluster.local:8088
- tls:
- enabled: true
+ url: http://ksqldb.foobar.svc.cluster.local:8088
+# tls:
+# enabled: true
 schemaRegistry:
- url: https://schemaregistry.foobar.svc.cluster.local:8081
- tls:
- enabled: true
+ url: http://schemaregistry.foobar.svc.cluster.local:8081
+# tls:
+# enabled: true
diff --git a/kustomize/base/confluent/kafka-connect.yaml b/kustomize/base/confluent/kafka-connect.yaml
index baaba78..7ef159f 100644
--- a/kustomize/base/confluent/kafka-connect.yaml
+++ b/kustomize/base/confluent/kafka-connect.yaml
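Review bot: TLS is switched off in `kustomize/base`, not in an overlay: the `control-centre.yaml` hunk comments out every `tls:` block and rewrites the Connect, ksqlDB and Schema Registry URLs to `http://`, and the kafka-connect, kafka, ksqldb, schema-registry and zookeeper hunks of this commit do the same. Every environment built on this base therefore runs its inter-component traffic in plaintext, including any later copy of the sandbox folder. Keep TLS enabled in the base and put the relaxation in the sandbox overlay as a patch, so that a new environment is encrypted unless someone opts out. The commit message gives the missing CA as the reason, so the narrower fix is to supply the CA key pair that `autoGeneratedCerts: true` needs, out of band, rather than removing encryption; the commented-out lines would also be better deleted than left in the manifests.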
@@ -7,10 +7,10 @@ spec:
 image:
 application: confluentinc/cp-server-connect-operator:6.1.1.0
 init: confluentinc/cp-init-container-operator:6.1.1.0
- tls:
- autoGeneratedCerts: true
+# tls:
+# autoGeneratedCerts: true
 dependencies:
 kafka:
 bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071
- tls:
- enabled: true
+# tls:
+# enabled: true
diff --git a/kustomize/base/confluent/kafka.yaml b/kustomize/base/confluent/kafka.yaml
index 5d04e56..6bb9ca6 100644
--- a/kustomize/base/confluent/kafka.yaml
+++ b/kustomize/base/confluent/kafka.yaml
@@ -8,21 +8,21 @@ spec:
 application: confluentinc/cp-server-operator:6.1.1.0
 init: confluentinc/cp-init-container-operator:6.1.1.0
 dataVolumeCapacity: 40Gi
- tls:
- autoGeneratedCerts: true
+# tls:
+# autoGeneratedCerts: true
 configOverrides:
 server:
 - confluent.schema.registry.url=registry.foobar.svc.cluster.local:8081
 dependencies:
 zookeeper:
 endpoint: zookeeper.foobar.svc.cluster.local:2182
- tls:
- enabled: true
+# tls:
+# enabled: true
 metricReporter:
 enabled: true
 bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071
- tls:
- enabled: true
+# tls:
+# enabled: true
 ---
 #apiVersion: platform.confluent.io/v1beta1
 #kind: KafkaRestClass
diff --git a/kustomize/base/confluent/ksqldb.yaml b/kustomize/base/confluent/ksqldb.yaml
index f30747a..34853a6 100644
--- a/kustomize/base/confluent/ksqldb.yaml
+++ b/kustomize/base/confluent/ksqldb.yaml
@@ -8,10 +8,10 @@ spec:
 application: confluentinc/cp-ksqldb-server-operator:6.1.1.0
 init: confluentinc/cp-init-container-operator:6.1.1.0
 dataVolumeCapacity: 10Gi
- tls:
- autoGeneratedCerts: true
+# tls:
+# autoGeneratedCerts: true
 dependencies:
 kafka:
 bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071
- tls:
- enabled: true
+# tls:
+# enabled: true
diff --git a/kustomize/base/confluent/schema-registry.yaml b/kustomize/base/confluent/schema-registry.yaml
index 4beba5d..2a718e8 100644
--- a/kustomize/base/confluent/schema-registry.yaml
+++ b/kustomize/base/confluent/schema-registry.yaml
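Review bot: In the `kafka.yaml` hunk the ZooKeeper dependency still reads `endpoint: zookeeper.foobar.svc.cluster.local:2182` after its `tls:` block has been commented out. In Confluent for Kubernetes 2182 is, as far as I know, ZooKeeper's TLS client port and 2181 the plaintext one, so the endpoint and the TLS setting now disagree and the broker may fail to connect or behave differently from what the manifest suggests; this should be confirmed against the operator version in use. The port and the `tls:` block should change together, and restoring the `tls:` block with the port left at 2182 is the safer way to make them agree again. The commented-out `KafkaRestClass` at the end of the hunk continues past it.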
@@ -8,10 +8,10 @@ spec: image: application: confluentinc/cp-schema-registry-operator:6.1.1.0 init: confluentinc/cp-init-container-operator:6.1.1.0 - tls: - autoGeneratedCerts: true +# tls: +# autoGeneratedCerts: true dependencies: kafka: bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071 - tls: - enabled: true +# tls: +# enabled: true diff --git a/kustomize/base/confluent/zookeeper.yaml b/kustomize/base/confluent/zookeeper.yaml index d14be35..c16e0dd 100644 --- a/kustomize/base/confluent/zookeeper.yaml +++ b/kustomize/base/confluent/zookeeper.yaml @@ -10,5 +10,5 @@ spec: init: confluentinc/cp-init-container-operator:6.1.1.0 dataVolumeCapacity: 10Gi logVolumeCapacity: 10Gi - tls: - autoGeneratedCerts: true +# tls: +# autoGeneratedCerts: true From 80d93effc85766a586ed4ed2e56fc0e18f257c11 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Thu, 1 Jul 2021 12:35:17 +0100 Subject: [PATCH 04/10] additional wip --- MANUAL_PROCESS.md | 44 ++++++++++++++++-- README.md | 28 ----------- .../base/confluent/ca-pair-sslcerts.yaml | 8 ++++ kustomize/base/confluent/control-centre.yaml | 26 +++++------ kustomize/base/confluent/kafka-connect.yaml | 8 ++-- kustomize/base/confluent/kafka.yaml | 26 ++++++----- kustomize/base/confluent/ksqldb.yaml | 8 ++-- kustomize/base/confluent/kustomization.yaml | 1 + kustomize/base/confluent/schema-registry.yaml | 8 ++-- kustomize/base/confluent/zookeeper.yaml | 4 +- .../environments/sandbox/control-centre.yaml | 16 +++++++ kustomize/environments/sandbox/kafka.yaml | 2 +- tldr.sh | 46 ------------------- 13 files changed, 107 insertions(+), 118 deletions(-) create mode 100644 kustomize/base/confluent/ca-pair-sslcerts.yaml delete mode 100755 tldr.sh diff --git a/MANUAL_PROCESS.md b/MANUAL_PROCESS.md index 5196b2b..0ec0681 100644 --- a/MANUAL_PROCESS.md +++ b/MANUAL_PROCESS.md 
@@ -1,5 +1,34 @@ -## Forking this repository. +# GitOps for Apache Kafka Example + +For this example we assume a single clusters simulated a production environment. The end goal is to leverage Flux and Kustomize to manage [Confluent Operator for Kubernetes](https://github.com/confluentinc/operator-earlyaccess). You can extend the with another cluster while minimizing duplicated declarations. + +We will configure [Flux](https://fluxcd.io/) to install, deploy and config the [Confluent Platform](https://www.confluent.io/product/confluent-platform) using their `HelmRepository` and `HelmRelease` custom resources. +Flux will monitor the Helm repository, and it will automatically upgrade the Helm releases to their latest chart version based on semver ranges. + +You may find this project helpful by simply referencing the documentation, code, and strategies for managing Kafka resources on Kubernetes. Additionally, if you just wish to operate a working example of the new Confluent operator, the following usage instructions will guide you. + + +## Repository structure + +The Git repository contains the following top directories: + +- **flux-system** dir contains the required flux +- **kustomize/base** dir contains the base definition of the confluent stack. +- **kustomize/environments** dir containing an example environment, folders could be copied to create additional environments. Files within are 'patches' which are layered on top of the definitions found in kustomize/base +- **kustomize/operator** dir the helm chart definition for confluent-for-kubernetes (CFK). + + +``` +├── flux-system +├── kustomize +│ ├── base +│ │ ├── confluent +│ ├── environments +│ │ └── sandbox +│ └── operator +``` +## Forking this repository. In order to showcase the GitOps behaviour of the FluxCD toolkit you will require the ability to write to a repository. Fork this repository, and update line 11 of the file `./flux-system/gotk-sync.yaml` to the new https git address. 
Also make note of line 10 'branch'; this is the branch of the repository which Flux will monitor ## Deploy base Flux components @@ -10,6 +39,8 @@ This step will install the base Flux kubernetes components onto your kubernetes * Kustomize Controller * Notification Controller * Source Controller + +For more information on what these controllers do, please review [the documentation here](https://fluxcd.io/docs/components/). ### Deployment Process @@ -17,10 +48,15 @@ This step will install the base Flux kubernetes components onto your kubernetes * Run `kubectl apply -f gotk-components.yaml` - ## Deploy Flux Sync ### Overview -This next step will tell Flux what repository to monitor, and, within that repository, what kustomization files to start with. -* Navigate to ./flux-system +This next step will tell Flux what repository to monitor, and, within that repository, what kustomization files to start with. The first Kustomize resource that Flux will look for to is located at `./kustomize/operator`. This will install the confluent-for-kubernetes Helm chart. After a successful health check of the operator (which will run as a pod), Flux will then proceed to deploy our first environment located at `./kustomize/environments/sandbox`. + +### Deployment Process +* Navigate to `./flux-system` * run `kubectl apply -f gotk-sync.yaml` +## Watch Flux in action + + + diff --git a/README.md b/README.md index 39f9e34..aec434b 100644 --- a/README.md +++ b/README.md 
@@ -26,34 +26,6 @@ curl -sL --http1.1 https://cnfl.io/cli | sh -s -- latest ``` -## Repository structure - -The Git repository contains the following top directories: - -- **apps** dir contains Helm releases with a custom configuration per cluster -- **infrastructure** dir contains common infra tools such as Confluent Operator, example LDAP controller and Helm repository definitions -- **clusters** dir contains the Flux configuration per cluster - -``` -├── apps -│ ├── base -│ │ ├── kafka -│ │ └── rolebindings -│ ├── production -├── infrastructure -│ ├── confluent -│ ├── sources -│ └── tools -└── clusters - └── production -``` -### /apps -The apps configuration contains all the Confluent Platform configuration and is structured into: - -- **apps/base/kakfa/** dir common values for all clusters: namespaces, certificates, secrets, Confluent components via Helm release definitions and Deployments -- **apps/base/rolebings/** dir contains the common RBAC bindings for all deployments -- **apps/production/** dir contains the production values - ### /infrastructure The infrastructure `sources` folder contains the [Flux Source Controller](https://fluxcd.io/docs/components/source/) configuration and some common tooling which is required for this Confluent LDAP / RBAC example. ```yaml diff --git a/kustomize/base/confluent/ca-pair-sslcerts.yaml b/kustomize/base/confluent/ca-pair-sslcerts.yaml new file mode 100644 index 0000000..1f134a8 --- /dev/null +++ b/kustomize/base/confluent/ca-pair-sslcerts.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + tls.crt: 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 + tls.key: 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 +kind: Secret +metadata: + name: ca-pair-sslcerts +type: kubernetes.io/tls diff --git a/kustomize/base/confluent/control-centre.yaml b/kustomize/base/confluent/control-centre.yaml index 01bbf48..0ad8fd6 100644 --- a/kustomize/base/confluent/control-centre.yaml +++ b/kustomize/base/confluent/control-centre.yaml 
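Review bot: `kustomize/base/confluent/ca-pair-sslcerts.yaml` commits a `kubernetes.io/tls` Secret with a `tls.key` entry under `data`, which puts a CA private key into Git in base64, an encoding rather than encryption, in a repository that `gotk-sync.yaml` fetches over anonymous `https://`. Anyone who can read the repository or its history can then sign certificates that components relying on this CA would presumably accept, and deleting the file later does not remove it from history, so the key pair should be treated as disclosed and regenerated. Create the secret out of band, or commit it SOPS-encrypted and let the Flux Kustomization decrypt it through `spec.decryption` with `provider: sops`, or use a Sealed Secret. Because the file sits in `base`, every environment would also share the same CA; one CA per environment limits what a single leaked key affects.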
@@ -18,24 +18,24 @@ spec:
 application: confluentinc/cp-enterprise-control-center-operator:6.1.1.0
 init: confluentinc/cp-init-container-operator:6.1.1.0
 dataVolumeCapacity: 20Gi
-# tls:
-# autoGeneratedCerts: true
+ tls:
+ autoGeneratedCerts: true
 dependencies:
 kafka:
 bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071
-# tls:
-# enabled: true
+ tls:
+ enabled: true
 connect:
 - name: connect
- url: http://connect.foobar.svc.cluster.local:8083
-# tls:
-# enabled: true
+ url: https://connect.foobar.svc.cluster.local:8083
+ tls:
+ enabled: true
 ksqldb:
 - name: ksqldb
- url: http://ksqldb.foobar.svc.cluster.local:8088
-# tls:
-# enabled: true
+ url: https://ksqldb.foobar.svc.cluster.local:8088
+ tls:
+ enabled: true
 schemaRegistry:
- url: http://schemaregistry.foobar.svc.cluster.local:8081
-# tls:
-# enabled: true
+ url: https://schemaregistry.foobar.svc.cluster.local:8081
+ tls:
+ enabled: true
diff --git a/kustomize/base/confluent/kafka-connect.yaml b/kustomize/base/confluent/kafka-connect.yaml
index 7ef159f..baaba78 100644
--- a/kustomize/base/confluent/kafka-connect.yaml
+++ b/kustomize/base/confluent/kafka-connect.yaml
@@ -7,10 +7,10 @@ spec:
 image:
 application: confluentinc/cp-server-connect-operator:6.1.1.0
 init: confluentinc/cp-init-container-operator:6.1.1.0
-# tls:
-# autoGeneratedCerts: true
+ tls:
+ autoGeneratedCerts: true
 dependencies:
 kafka:
 bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071
-# tls:
-# enabled: true
+ tls:
+ enabled: true
diff --git a/kustomize/base/confluent/kafka.yaml b/kustomize/base/confluent/kafka.yaml
index 6bb9ca6..7e8dee2 100644
--- a/kustomize/base/confluent/kafka.yaml
+++ b/kustomize/base/confluent/kafka.yaml
@@ -8,28 +8,30 @@ spec:
 application: confluentinc/cp-server-operator:6.1.1.0
 init: confluentinc/cp-init-container-operator:6.1.1.0
 dataVolumeCapacity: 40Gi
-# tls:
-# autoGeneratedCerts: true
+ tls:
+ autoGeneratedCerts: true
 configOverrides:
 server:
 - confluent.schema.registry.url=registry.foobar.svc.cluster.local:8081
 dependencies:
 zookeeper:
 endpoint: zookeeper.foobar.svc.cluster.local:2182
-# tls:
-# enabled: true
+ tls:
+ enabled: true
 metricReporter:
 enabled: true
 bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071
-# tls:
-# enabled: true
+ tls:
+ enabled: true
 ---
-#apiVersion: platform.confluent.io/v1beta1
-#kind: KafkaRestClass
-#metadata:
-# name: default
-#spec:
-# kafkaRest:
+apiVersion: platform.confluent.io/v1beta1
+kind: KafkaRestClass
+metadata:
+ name: default
+spec:
+ kafkaRest:
+ tls:
+ enabled: true
 # authentication:
 # type: bearer
 # bearer:
diff --git a/kustomize/base/confluent/ksqldb.yaml b/kustomize/base/confluent/ksqldb.yaml
index 34853a6..f30747a 100644
--- a/kustomize/base/confluent/ksqldb.yaml
+++ b/kustomize/base/confluent/ksqldb.yaml
@@ -8,10 +8,10 @@ spec:
 application: confluentinc/cp-ksqldb-server-operator:6.1.1.0
 init: confluentinc/cp-init-container-operator:6.1.1.0
 dataVolumeCapacity: 10Gi
-# tls:
-# autoGeneratedCerts: true
+ tls:
+ autoGeneratedCerts: true
 dependencies:
 kafka:
 bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071
-# tls:
-# enabled: true
+ tls:
+ enabled: true
diff --git a/kustomize/base/confluent/kustomization.yaml b/kustomize/base/confluent/kustomization.yaml
index 9df20d6..0c39768 100644
--- a/kustomize/base/confluent/kustomization.yaml
+++ b/kustomize/base/confluent/kustomization.yaml
@@ -7,3 +7,4 @@ resources:
 - schema-registry.yaml
 - control-centre.yaml
 - ksqldb.yaml
+ - ca-pair-sslcerts.yaml
diff --git a/kustomize/base/confluent/schema-registry.yaml b/kustomize/base/confluent/schema-registry.yaml
index 2a718e8..4beba5d 100644
--- a/kustomize/base/confluent/schema-registry.yaml
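Review bot: The `KafkaRestClass` named `default` at the end of the `kafka.yaml` hunk is now active with `tls: enabled: true`, while the `authentication:` and `type: bearer` lines directly below it stay commented out, so as shown the REST class gets transport encryption but no client authentication. If the Kafka Admin REST endpoint is meant to accept only authenticated callers, restore the `authentication` block together with its credential secret; if unauthenticated access is intended for this example, state it next to the block, for instance `# sandbox only: Admin REST is unauthenticated`. The commented block continues past the end of the hunk, so the remaining lines could not be checked.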
+++ b/kustomize/base/confluent/schema-registry.yaml
@@ -8,10 +8,10 @@ spec:
 image:
 application: confluentinc/cp-schema-registry-operator:6.1.1.0
 init: confluentinc/cp-init-container-operator:6.1.1.0
-# tls:
-# autoGeneratedCerts: true
+ tls:
+ autoGeneratedCerts: true
 dependencies:
 kafka:
 bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071
-# tls:
-# enabled: true
+ tls:
+ enabled: true
diff --git a/kustomize/base/confluent/zookeeper.yaml b/kustomize/base/confluent/zookeeper.yaml
index c16e0dd..d14be35 100644
--- a/kustomize/base/confluent/zookeeper.yaml
+++ b/kustomize/base/confluent/zookeeper.yaml
@@ -10,5 +10,5 @@ spec:
 init: confluentinc/cp-init-container-operator:6.1.1.0
 dataVolumeCapacity: 10Gi
 logVolumeCapacity: 10Gi
-# tls:
-# autoGeneratedCerts: true
+ tls:
+ autoGeneratedCerts: true
diff --git a/kustomize/environments/sandbox/control-centre.yaml b/kustomize/environments/sandbox/control-centre.yaml
index bf03965..515d7eb 100644
--- a/kustomize/environments/sandbox/control-centre.yaml
+++ b/kustomize/environments/sandbox/control-centre.yaml
@@ -7,3 +7,19 @@ spec:
 dependencies:
 kafka:
 bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071
+ tls:
+ enabled: true
+ connect:
+ - name: connect
+ url: https://connect.sandbox.svc.cluster.local:8083
+ tls:
+ enabled: true
+ ksqldb:
+ - name: ksqldb
+ url: https://ksqldb.sandbox.svc.cluster.local:8088
+ tls:
+ enabled: true
+ schemaRegistry:
+ url: https://schemaregistry.sandbox.svc.cluster.local:8081
+ tls:
+ enabled: true
diff --git a/kustomize/environments/sandbox/kafka.yaml b/kustomize/environments/sandbox/kafka.yaml
index 29a9098..0f4bb80 100644
--- a/kustomize/environments/sandbox/kafka.yaml
+++ b/kustomize/environments/sandbox/kafka.yaml
@@ -1,9 +1,9 @@
----
 apiVersion: platform.confluent.io/v1beta1
 kind: Kafka
 metadata:
 name: kafka
 spec:
+# replicas: 4
 configOverrides:
 server:
 - confluent.schema.registry.url=registry.sandbox.svc.cluster.local:8081
diff --git a/tldr.sh b/tldr.sh
deleted file mode 100755
index 15eb8c7..0000000
--- a/tldr.sh
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/bash
-flux bootstrap github \
---owner=${GITHUB_USER} \
---repository=${GITHUB_REPO} \
---path=clusters/production \
---branch=develop \
---personal
-sleep 10
-echo "Sleeping for 10 seconds to ensure namespace is created"
-kubectl create secret -n confluent docker-registry confluent-registry \
---docker-server=confluent-docker-internal-early-access-operator-2.jfrog.io \
---docker-username=$USER \
---docker-password=$APIKEY \
---docker-email=$EMAIL && \
-kubectl create secret -n flux-system generic https-credentials \
---from-literal=username=$USER \
---from-literal=password=$APIKEY
-kubectl create secret -n confluent generic credential \
---from-file=plain-users.json=./resources/users/creds-kafka-sasl-users.json \
---from-file=digest-users.json=./resources/users/creds-zookeeper-sasl-digest-users.json \
---from-file=digest.txt=./resources/users/creds-kafka-zookeeper-credentials.txt \
---from-file=plain.txt=./resources/users/creds-client-kafka-sasl-user.txt \
---from-file=basic.txt=./resources/users/creds-control-center-users.txt \
---from-file=ldap.txt=./resources/users/ldap.txt
-kubectl create secret -n confluent generic mds-token \
---from-file=mdsPublicKey.pem=./resources/certs/mds-publickey.txt \
---from-file=mdsTokenKeyPair.pem=./resources/certs/mds-tokenkeypair.txt
-# Kafka RBAC credential
-kubectl create secret -n confluent generic mds-client \
---from-file=bearer.txt=./resources/users/bearer.txt
-# Control Center RBAC credential
-kubectl create secret -n confluent generic c3-mds-client \
---from-file=bearer.txt=./resources/users/c3-mds-client.txt
-# Connect RBAC credential
-kubectl create secret -n confluent generic connect-mds-client \
---from-file=bearer.txt=./resources/users/connect-mds-client.txt
-# Schema Registry RBAC credential
-kubectl create secret -n confluent generic sr-mds-client \
---from-file=bearer.txt=./resources/users/sr-mds-client.txt
-# ksqlDB RBAC credential
-kubectl create secret -n confluent generic 
ksqldb-mds-client \ ---from-file=bearer.txt=./resources/users/ksqldb-mds-client.txt -# Kafka REST credential -kubectl create secret -n confluent generic rest-credential \ ---from-file=bearer.txt=./resources/users/bearer.txt \ ---from-file=basic.txt=./resources/users/bearer.txt \ No newline at end of file From 5870c9e0bc95aba9091efdcb9d920c22d2004555 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Thu, 1 Jul 2021 12:48:09 +0100 Subject: [PATCH 05/10] wip --- MANUAL_PROCESS.md | 62 --------- README.md | 130 ++++++------------ kustomize/base/confluent/control-centre.yaml | 31 +---- kustomize/base/confluent/kafka-connect.yaml | 9 +- kustomize/base/confluent/kafka.yaml | 30 +--- kustomize/base/confluent/ksqldb.yaml | 7 - kustomize/base/confluent/rest-class.yaml | 9 ++ kustomize/base/confluent/schema-registry.yaml | 10 +- kustomize/base/confluent/zookeeper.yaml | 3 - .../environments/sandbox/control-centre.yaml | 6 +- .../environments/sandbox/kafka-connect.yaml | 5 + kustomize/environments/sandbox/kafka.yaml | 16 ++- kustomize/environments/sandbox/ksqldb.yaml | 5 +- .../environments/sandbox/schema-registry.yaml | 7 +- kustomize/environments/sandbox/zookeeper.yaml | 7 + 15 files changed, 92 insertions(+), 245 deletions(-) delete mode 100644 MANUAL_PROCESS.md create mode 100644 kustomize/base/confluent/rest-class.yaml create mode 100644 kustomize/environments/sandbox/zookeeper.yaml diff --git a/MANUAL_PROCESS.md b/MANUAL_PROCESS.md deleted file mode 100644 index 0ec0681..0000000 --- a/MANUAL_PROCESS.md +++ /dev/null 
@@ -1,62 +0,0 @@ -# GitOps for Apache Kafka Example - -For this example we assume a single clusters simulated a production environment. The end goal is to leverage Flux and Kustomize to manage [Confluent Operator for Kubernetes](https://github.com/confluentinc/operator-earlyaccess). You can extend the with another cluster while minimizing duplicated declarations. - -We will configure [Flux](https://fluxcd.io/) to install, deploy and config the [Confluent Platform](https://www.confluent.io/product/confluent-platform) using their `HelmRepository` and `HelmRelease` custom resources. -Flux will monitor the Helm repository, and it will automatically upgrade the Helm releases to their latest chart version based on semver ranges. - -You may find this project helpful by simply referencing the documentation, code, and strategies for managing Kafka resources on Kubernetes. Additionally, if you just wish to operate a working example of the new Confluent operator, the following usage instructions will guide you. - - -## Repository structure - -The Git repository contains the following top directories: - -- **flux-system** dir contains the required flux -- **kustomize/base** dir contains the base definition of the confluent stack. -- **kustomize/environments** dir containing an example environment, folders could be copied to create additional environments. Files within are 'patches' which are layered on top of the definitions found in kustomize/base -- **kustomize/operator** dir the helm chart definition for confluent-for-kubernetes (CFK). - - -``` -├── flux-system -├── kustomize -│ ├── base -│ │ ├── confluent -│ ├── environments -│ │ └── sandbox -│ └── operator -``` - -## Forking this repository. -In order to showcase the GitOps behaviour of the FluxCD toolkit you will require the ability to write to a repository. Fork this repository, and update line 11 of the file `./flux-system/gotk-sync.yaml` to the new https git address. 
Also make note of line 10 'branch'; this is the branch of the repository which Flux will monitor - -## Deploy base Flux components -### Overview -This step will install the base Flux kubernetes components onto your kubernetes cluster. To inspect what is being applied, simply look through the contents of `./flux-system/gotk-components.yaml`. You will see a mix of Custom Resource Definitions, Service Accounts, Deployments, and other various components. After application is finished, you should see the following pods running: - -* Helm-Controller -* Kustomize Controller -* Notification Controller -* Source Controller - -For more information on what these controllers do, please review [the documentation here](https://fluxcd.io/docs/components/). - - -### Deployment Process -* Navigate to `./flux-system` -* Run `kubectl apply -f gotk-components.yaml` - - -## Deploy Flux Sync -### Overview -This next step will tell Flux what repository to monitor, and, within that repository, what kustomization files to start with. The first Kustomize resource that Flux will look for to is located at `./kustomize/operator`. This will install the confluent-for-kubernetes Helm chart. After a successful health check of the operator (which will run as a pod), Flux will then proceed to deploy our first environment located at `./kustomize/environments/sandbox`. - -### Deployment Process -* Navigate to `./flux-system` -* run `kubectl apply -f gotk-sync.yaml` - -## Watch Flux in action - - - diff --git a/README.md b/README.md index aec434b..5fd4441 100644 --- a/README.md +++ b/README.md 
@@ -7,111 +7,61 @@ Flux will monitor the Helm repository, and it will automatically upgrade the Hel You may find this project helpful by simply referencing the documentation, code, and strategies for managing Kafka resources on Kubernetes. Additionally, if you just wish to operate a working example of the new Confluent operator, the following usage instructions will guide you. -## Prerequisites -You will need a Kubernetes cluster version 1.16 or newer and kubectl version 1.18. -In order to follow the guide you'll need a GitHub account and a -[personal access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) -that can create repositories (check all permissions under `repo`). +## Repository structure -Install the Flux CLI on MacOS and Linux using Homebrew: +The Git repository contains the following top directories: -```sh -brew install fluxcd/tap/flux -``` - -Install the Confluent CLI -```she -curl -sL --http1.1 https://cnfl.io/cli | sh -s -- latest -``` +- **flux-system** dir contains the required flux +- **kustomize/base** dir contains the base definition of the confluent stack. +- **kustomize/environments** dir containing an example environment, folders could be copied to create additional environments. Files within are 'patches' which are layered on top of the definitions found in kustomize/base +- **kustomize/operator** dir the helm chart definition for confluent-for-kubernetes (CFK). -### /infrastructure -The infrastructure `sources` folder contains the [Flux Source Controller](https://fluxcd.io/docs/components/source/) configuration and some common tooling which is required for this Confluent LDAP / RBAC example. 
-```yaml -apiVersion: source.toolkit.fluxcd.io/v1beta1 -kind: HelmRepository -metadata: - name: confluent-private - namespace: flux-system -spec: - url: https://confluent.jfrog.io/confluent/helm-early-access-operator-2 - secretRef: - name: https-credentials - interval: 5m ``` -Note secretRef: The Confluent helm repository is private and requires a username and password which we must create. -Note that with interval: 5m we configure Flux to pull the Helm repository index every five minutes. If the index contains a new chart version that matches a HelmRelease semver range, Flux will upgrade the release. - -The `confluent` folder contains the Helm release which is performed by the [Helm Controller](https://fluxcd.io/docs/components/helm/helmreleases/) and also requires access to the private Docker registry to pull down the Confluent images. -```yaml -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: confluent - namespace: confluent -spec: - interval: 1m - chart: - spec: - chart: confluent-for-kubernetes - sourceRef: - kind: HelmRepository - name: confluent-private - namespace: flux-system - values: - image: - registry: confluent-docker-internal-early-access-operator-2.jfrog.io +├── flux-system +├── kustomize +│ ├── base +│ │ ├── confluent +│ ├── environments +│ │ └── sandbox +│ └── operator ``` -Note: The Helm automatically looks for a secret called `confluent-registry` which we must create in the confluent namespace. -## Setup -Following this example, you'll set up secure Confluent Platform clusters with SASL PLAIN authentication, role-based access control (RBAC) authorization, and inter-component TLS. The clusters dir contains the Kustomization definitions:: -``` -./clusters/ -└── production - ├── apps.yaml - └── infrastructure.yaml -``` -1. Using GitOps will require the FluxCD toolkit to have read and write access to the repository. 
For your own local version, you must create a fork of this repository and clone it locally; otherwise, the GitOps automation will not be authorized to read and write from the repository. Fork this repository on your personal GitHub account and export your GitHub access token, username and repo name: -```sh -export GITHUB_TOKEN= -export GITHUB_USER= -export GITHUB_REPO= -``` - -```sh -export USER= -export APIKEY= -export EMAIL= +## Forking this repository. +In order to showcase the GitOps behaviour of the FluxCD toolkit you will require the ability to write to a repository. Fork this repository, and update line 11 of the file `./flux-system/gotk-sync.yaml` to the new https git address. Also make note of line 10 'branch'; this is the branch of the repository which Flux will monitor -kubectl create secret -n flux-system generic https-credentials \ ---from-literal=username=$USER \ ---from-literal=password=$APIKEY +## Deploy base Flux components +### Overview +This step will install the base Flux kubernetes components onto your kubernetes cluster. To inspect what is being applied, simply look through the contents of `./flux-system/gotk-components.yaml`. You will see a mix of Custom Resource Definitions, Service Accounts, Deployments, and other various components. After application is finished, you should see the following pods running: -``` -Watch for the Helm releases being installed in production cluster: +* Helm-Controller +* Kustomize Controller +* Notification Controller +* Source Controller + +For more information on what these controllers do, please review [the documentation here](https://fluxcd.io/docs/components/). + + +### Deployment Process +* Navigate to `./flux-system` +* Run `kubectl apply -f gotk-components.yaml` -``` -console -$ watch flux get helmreleases --all-namespaces -``` +## Deploy Flux Sync +### Overview +This next step will tell Flux what repository to monitor, and, within that repository, what kustomization files to start with. 
The first Kustomize resource that Flux will look for to is located at `./kustomize/operator`. This will install the confluent-for-kubernetes Helm chart. After a successful health check of the operator (which will run as a pod), Flux will then proceed to deploy our first environment located at `./kustomize/environments/sandbox`. -## Appendix -### Useful commands +### Deployment Process +* Navigate to `./flux-system` +* run `kubectl apply -f gotk-sync.yaml` -* Force Flux Reconciliation - `flux reconcile source git flux-system` +## Watch Flux in action +### Overview +Now that we have flux monitoring the forked Git repository, let's demonstrate the GitOps behaviour! If everything has deployed successfully, you should see a healthy confluent stack looking like this: -* Decode secrets - `kubectl get secrets -n flux-system https-credentials -o json | jq '.data | map_values(@base64d)'` - `kubectl get secrets -n flux-system flux-system -o json | jq '.data | map_values(@base64d)'` -* Access Control Centre - `kubectl port-forward -n confluent controlcenter-0 9021:9021`. The web UI credentials will be c3/c3-secret (as defined by the populated secrets) +To exhibit Flux, let's change our kafka replicas from the default of 3, to 4: +* In the file `./kustomize/environments/sandbox/kafka.yaml` -* LDAP Testing. Exec onto the ldap container by running: `kubectl exec -it -n tools ldap -- bash`. Running - `ldapsearch -LLL -x -H ldap://ldap.tools.svc.cluster.local:389 -b 'dc=test,dc=com' -D "cn=mds,dc=test,dc=com" -w 'Developer!'` will return a list of LDAP users presently configured -* For testing a repeatable deployment process, for example on a local minikube, a `tldr.sh` script which captures the above steps has been included at the root of this project \ No newline at end of file diff --git a/kustomize/base/confluent/control-centre.yaml b/kustomize/base/confluent/control-centre.yaml index 0ad8fd6..ca16b90 100644 --- a/kustomize/base/confluent/control-centre.yaml 
+++ b/kustomize/base/confluent/control-centre.yaml @@ -8,34 +8,9 @@ spec: probe: liveness: periodSeconds: 10 - failureThreshold: 60 - timeoutSeconds: 5 - readiness: - periodSeconds: 10 - failureThreshold: 60 - timeoutSeconds: 5 + failureThreshold: 5 + timeoutSeconds: 500 image: application: confluentinc/cp-enterprise-control-center-operator:6.1.1.0 init: confluentinc/cp-init-container-operator:6.1.1.0 - dataVolumeCapacity: 20Gi - tls: - autoGeneratedCerts: true - dependencies: - kafka: - bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071 - tls: - enabled: true - connect: - - name: connect - url: https://connect.foobar.svc.cluster.local:8083 - tls: - enabled: true - ksqldb: - - name: ksqldb - url: https://ksqldb.foobar.svc.cluster.local:8088 - tls: - enabled: true - schemaRegistry: - url: https://schemaregistry.foobar.svc.cluster.local:8081 - tls: - enabled: true + dataVolumeCapacity: 10Gi \ No newline at end of file diff --git a/kustomize/base/confluent/kafka-connect.yaml b/kustomize/base/confluent/kafka-connect.yaml index baaba78..5afbad7 100644 --- a/kustomize/base/confluent/kafka-connect.yaml +++ b/kustomize/base/confluent/kafka-connect.yaml @@ -6,11 +6,4 @@ spec: replicas: 1 image: application: confluentinc/cp-server-connect-operator:6.1.1.0 - init: confluentinc/cp-init-container-operator:6.1.1.0 - tls: - autoGeneratedCerts: true - dependencies: - kafka: - bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071 - tls: - enabled: true + init: confluentinc/cp-init-container-operator:6.1.1.0 \ No newline at end of file diff --git a/kustomize/base/confluent/kafka.yaml b/kustomize/base/confluent/kafka.yaml index 7e8dee2..e568be2 100644 --- a/kustomize/base/confluent/kafka.yaml +++ b/kustomize/base/confluent/kafka.yaml 
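Review bot: With the `tls:` and `dependencies.*.tls` blocks deleted from this base ControlCenter spec, every environment runs in plaintext unless its overlay adds them back; the same removal is made in the base kafka-connect.yaml, kafka.yaml, ksqldb.yaml, schema-registry.yaml and zookeeper.yaml hunks of this patch. The series suggests how easily that slips: the sandbox zookeeper.yaml overlay that restores TLS appears to be listed under `patchesStrategicMerge` only in PATCH 06/10. Keeping `tls:` / `autoGeneratedCerts: true` in the base, and letting overlays override only the endpoints, would make the encrypted setting the default. Separately, the liveness probe now has `timeoutSeconds: 500` against `periodSeconds: 10`, which looks like a typo for `timeoutSeconds: 5`, and the readiness probe is dropped without a replacement.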
@@ -7,32 +7,4 @@ spec: image: application: confluentinc/cp-server-operator:6.1.1.0 init: confluentinc/cp-init-container-operator:6.1.1.0 - dataVolumeCapacity: 40Gi - tls: - autoGeneratedCerts: true - configOverrides: - server: - - confluent.schema.registry.url=registry.foobar.svc.cluster.local:8081 - dependencies: - zookeeper: - endpoint: zookeeper.foobar.svc.cluster.local:2182 - tls: - enabled: true - metricReporter: - enabled: true - bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071 - tls: - enabled: true ---- -apiVersion: platform.confluent.io/v1beta1 -kind: KafkaRestClass -metadata: - name: default -spec: - kafkaRest: - tls: - enabled: true -# authentication: -# type: bearer -# bearer: -# secretRef: rest-credential \ No newline at end of file + dataVolumeCapacity: 10Gi diff --git a/kustomize/base/confluent/ksqldb.yaml b/kustomize/base/confluent/ksqldb.yaml index f30747a..7f36e97 100644 --- a/kustomize/base/confluent/ksqldb.yaml +++ b/kustomize/base/confluent/ksqldb.yaml @@ -8,10 +8,3 @@ spec: application: confluentinc/cp-ksqldb-server-operator:6.1.1.0 init: confluentinc/cp-init-container-operator:6.1.1.0 dataVolumeCapacity: 10Gi - tls: - autoGeneratedCerts: true - dependencies: - kafka: - bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071 - tls: - enabled: true diff --git a/kustomize/base/confluent/rest-class.yaml b/kustomize/base/confluent/rest-class.yaml new file mode 100644 index 0000000..21c449d --- /dev/null +++ b/kustomize/base/confluent/rest-class.yaml @@ -0,0 +1,9 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaRestClass +metadata: + name: default +spec: + kafkaRest: + authentication: + type: basic + basic: diff --git a/kustomize/base/confluent/schema-registry.yaml b/kustomize/base/confluent/schema-registry.yaml index 4beba5d..8458536 100644 --- a/kustomize/base/confluent/schema-registry.yaml +++ b/kustomize/base/confluent/schema-registry.yaml 
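Review bot: The new KafkaRestClass in rest-class.yaml selects `type: basic` but leaves `basic:` empty, so no credential source is referenced. The `tls:` / `enabled: true` that the previous definition in kafka.yaml carried under `kafkaRest` is also not brought over. If basic authentication is intended, point it at a Kubernetes secret, e.g. `secretRef: <rest-credential-secret>` (placeholder name) under `basic:`, and keep TLS enabled so the username and password are not sent to the Kafka REST endpoint in clear text. Whether this file is listed in the base kustomization.yaml is not visible from this hunk.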
@@ -1,17 +1,9 @@ ---- apiVersion: platform.confluent.io/v1beta1 kind: SchemaRegistry metadata: - name: registry + name: schemaregistry spec: replicas: 1 image: application: confluentinc/cp-schema-registry-operator:6.1.1.0 init: confluentinc/cp-init-container-operator:6.1.1.0 - tls: - autoGeneratedCerts: true - dependencies: - kafka: - bootstrapEndpoint: kafka.foobar.svc.cluster.local:9071 - tls: - enabled: true diff --git a/kustomize/base/confluent/zookeeper.yaml b/kustomize/base/confluent/zookeeper.yaml index d14be35..c14f5c9 100644 --- a/kustomize/base/confluent/zookeeper.yaml +++ b/kustomize/base/confluent/zookeeper.yaml @@ -1,4 +1,3 @@ ---- apiVersion: platform.confluent.io/v1beta1 kind: Zookeeper metadata: @@ -10,5 +9,3 @@ spec: init: confluentinc/cp-init-container-operator:6.1.1.0 dataVolumeCapacity: 10Gi logVolumeCapacity: 10Gi - tls: - autoGeneratedCerts: true diff --git a/kustomize/environments/sandbox/control-centre.yaml b/kustomize/environments/sandbox/control-centre.yaml index 515d7eb..4187286 100644 --- a/kustomize/environments/sandbox/control-centre.yaml +++ b/kustomize/environments/sandbox/control-centre.yaml @@ -4,6 +4,8 @@ kind: ControlCenter metadata: name: controlcenter spec: + tls: + autoGeneratedCerts: true dependencies: kafka: bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 @@ -11,12 +13,12 @@ spec: enabled: true connect: - name: connect - url: https://connect.sandbox.svc.cluster.local:8083 + url: https://connect.sandbox.svc.cluster.local:8083 tls: enabled: true ksqldb: - name: ksqldb - url: https://ksqldb.sandbox.svc.cluster.local:8088 + url: https://ksqldb.sandbox.svc.cluster.local:8088 tls: enabled: true schemaRegistry: diff --git a/kustomize/environments/sandbox/kafka-connect.yaml b/kustomize/environments/sandbox/kafka-connect.yaml index 9dd6049..ae8ceb3 100644 --- a/kustomize/environments/sandbox/kafka-connect.yaml +++ b/kustomize/environments/sandbox/kafka-connect.yaml 
@@ -4,6 +4,11 @@ kind: Connect metadata: name: connect spec: + tls: + secretRef: tls-group1 dependencies: kafka: bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 + tls: + enabled: true + diff --git a/kustomize/environments/sandbox/kafka.yaml b/kustomize/environments/sandbox/kafka.yaml index 0f4bb80..f875cdf 100644 --- a/kustomize/environments/sandbox/kafka.yaml +++ b/kustomize/environments/sandbox/kafka.yaml @@ -3,12 +3,20 @@ kind: Kafka metadata: name: kafka spec: -# replicas: 4 configOverrides: server: - - confluent.schema.registry.url=registry.sandbox.svc.cluster.local:8081 + - confluent.schema.registry.url=https://schemaregistry.sandbox.svc.cluster.local:8081 + tls: + autoGeneratedCerts: true + listeners: + internal: + tls: + enabled: true + external: + tls: + enabled: true dependencies: zookeeper: endpoint: zookeeper.sandbox.svc.cluster.local:2182 - metricReporter: - bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 + tls: + enabled: true diff --git a/kustomize/environments/sandbox/ksqldb.yaml b/kustomize/environments/sandbox/ksqldb.yaml index 95d38e0..940dca4 100644 --- a/kustomize/environments/sandbox/ksqldb.yaml +++ b/kustomize/environments/sandbox/ksqldb.yaml @@ -4,7 +4,10 @@ kind: KsqlDB metadata: name: ksqldb spec: + tls: + autoGeneratedCerts: true dependencies: kafka: bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 - + tls: + enabled: true diff --git a/kustomize/environments/sandbox/schema-registry.yaml b/kustomize/environments/sandbox/schema-registry.yaml index c4fc874..f98f5b6 100644 --- a/kustomize/environments/sandbox/schema-registry.yaml +++ b/kustomize/environments/sandbox/schema-registry.yaml @@ -1,9 +1,12 @@ ---- apiVersion: platform.confluent.io/v1beta1 kind: SchemaRegistry metadata: - name: registry + name: schemaregistry spec: + tls: + autoGeneratedCerts: true dependencies: kafka: bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 + tls: + enabled: true 
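Review bot: In the sandbox kafka.yaml hunk, the `internal` and `external` listeners get `tls: enabled: true` but no `authentication` block. As far as this overlay shows, TLS only encrypts the connection, and any client that can reach a listener may connect. If that is deliberate for the sandbox, say so next to the listeners, e.g. `# sandbox only: listeners are encrypted but unauthenticated`; otherwise add `authentication:` with `type: mtls` under each listener. The rest of the Kafka spec lies outside this hunk, so authentication may be configured elsewhere.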
diff --git a/kustomize/environments/sandbox/zookeeper.yaml b/kustomize/environments/sandbox/zookeeper.yaml new file mode 100644 index 0000000..fbf0fb4 --- /dev/null +++ b/kustomize/environments/sandbox/zookeeper.yaml @@ -0,0 +1,7 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: Zookeeper +metadata: + name: zookeeper +spec: + tls: + autoGeneratedCerts: true \ No newline at end of file From 0ec1abf0db41e3d516f49ace442957b880041c83 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Thu, 1 Jul 2021 13:51:12 +0100 Subject: [PATCH 06/10] including zookeeper patch --- kustomize/environments/sandbox/kustomization.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kustomize/environments/sandbox/kustomization.yaml b/kustomize/environments/sandbox/kustomization.yaml index 57305ff..051ba2a 100644 --- a/kustomize/environments/sandbox/kustomization.yaml +++ b/kustomize/environments/sandbox/kustomization.yaml @@ -6,4 +6,5 @@ patchesStrategicMerge: - kafka.yaml - kafka-connect.yaml - ksqldb.yaml - - schema-registry.yaml \ No newline at end of file + - schema-registry.yaml + - zookeeper.yaml \ No newline at end of file From 10b80b6a933ba39cf709138f9e79a83245750c28 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Thu, 1 Jul 2021 16:20:39 +0100 Subject: [PATCH 07/10] additional wip --- README.md | 21 ++++++++++++++++--- .../environments/sandbox/kafka-connect.yaml | 2 +- kustomize/environments/sandbox/kafka.yaml | 1 + 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 5fd4441..b76d597 100644 --- a/README.md +++ b/README.md 
@@ -56,12 +56,27 @@ This next step will tell Flux what repository to monitor, and, within that repos * Navigate to `./flux-system` * run `kubectl apply -f gotk-sync.yaml` -## Watch Flux in action -### Overview +## Watch Flux in action! Now that we have flux monitoring the forked Git repository, let's demonstrate the GitOps behaviour! If everything has deployed successfully, you should see a healthy confluent stack looking like this: To exhibit Flux, let's change our kafka replicas from the default of 3, to 4: -* In the file `./kustomize/environments/sandbox/kafka.yaml` +* In the file `./kustomize/environments/sandbox/kafka.yaml` uncomment the line `# replicas: 4`, commit that change to your repository (git), and push upstream. The next time flux performs a 'sync' (observable in the 'source controller' logs), it will not the change to the kafka spec, + +## Develop Locally +If you want to test configuration out locally without the need to push up to git (i.e. testing locally Minikube), the deployment can be replicated very simply: + +* Navigate to `./flux-system` +* Run `kubectl apply -f gotk-components.yaml` + +**instead of deploying the gotk-sync.yaml, we'll perform the kubectl kustomize applies.** + +* Navigate to `./kustomize/operator` +* Run `kubectl apply -k .` + +**monitor the running pods, wait until the 'confluent-operator' pod is in a running state** + +* Navigate to `./kustomize/environments/` +* Run `kubectl apply -k .` diff --git a/kustomize/environments/sandbox/kafka-connect.yaml b/kustomize/environments/sandbox/kafka-connect.yaml index ae8ceb3..0ef9e47 100644 --- a/kustomize/environments/sandbox/kafka-connect.yaml +++ b/kustomize/environments/sandbox/kafka-connect.yaml @@ -5,7 +5,7 @@ metadata: name: connect spec: tls: - secretRef: tls-group1 + enabled: true dependencies: kafka: bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 
diff --git a/kustomize/environments/sandbox/kafka.yaml b/kustomize/environments/sandbox/kafka.yaml index f875cdf..710b6c7 100644 --- a/kustomize/environments/sandbox/kafka.yaml +++ b/kustomize/environments/sandbox/kafka.yaml @@ -3,6 +3,7 @@ kind: Kafka metadata: name: kafka spec: + replicas: 4 configOverrides: server: - confluent.schema.registry.url=https://schemaregistry.sandbox.svc.cluster.local:8081 From 12d4c8bd6d581fdf1fca3ac78b22e8b241837404 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Thu, 1 Jul 2021 16:22:47 +0100 Subject: [PATCH 08/10] updating spec --- kustomize/environments/sandbox/kafka-connect.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/kustomize/environments/sandbox/kafka-connect.yaml b/kustomize/environments/sandbox/kafka-connect.yaml index 0ef9e47..5c32954 100644 --- a/kustomize/environments/sandbox/kafka-connect.yaml +++ b/kustomize/environments/sandbox/kafka-connect.yaml @@ -1,14 +1,12 @@ ---- apiVersion: platform.confluent.io/v1beta1 kind: Connect metadata: name: connect spec: tls: - enabled: true + autoGeneratedCerts: true dependencies: kafka: bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 tls: enabled: true - From ebd7b321352f960b38bbd945b28dd34715c578e7 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Thu, 1 Jul 2021 16:30:16 +0100 Subject: [PATCH 09/10] roll back to 3 kafka --- README.md | 8 ++++---- flux-system/gotk-sync.yaml | 2 +- kustomize/environments/sandbox/kafka.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index b76d597..f365cb3 100644 --- a/README.md +++ b/README.md 
@@ -1,9 +1,9 @@ # GitOps for Apache Kafka Example -For this example we assume a single clusters simulated a production environment. The end goal is to leverage Flux and Kustomize to manage [Confluent Operator for Kubernetes](https://github.com/confluentinc/operator-earlyaccess). You can extend the with another cluster while minimizing duplicated declarations. +For this example we assume a single cluster simulating a production confluent environment. The end goal is to leverage Flux and Kustomize to manage [Confluent Operator for Kubernetes](https://github.com/confluentinc/operator-earlyaccess). You can extend with another cluster while minimizing duplicated declarations. We will configure [Flux](https://fluxcd.io/) to install, deploy and config the [Confluent Platform](https://www.confluent.io/product/confluent-platform) using their `HelmRepository` and `HelmRelease` custom resources. -Flux will monitor the Helm repository, and it will automatically upgrade the Helm releases to their latest chart version based on semver ranges. +Flux will monitor the Helm repository, and can be configured to automatically upgrade the Helm releases to their latest chart version based on semver ranges. You may find this project helpful by simply referencing the documentation, code, and strategies for managing Kafka resources on Kubernetes. Additionally, if you just wish to operate a working example of the new Confluent operator, the following usage instructions will guide you. 
@@ -29,11 +29,11 @@ The Git repository contains the following top directories: ``` ## Forking this repository. -In order to showcase the GitOps behaviour of the FluxCD toolkit you will require the ability to write to a repository. Fork this repository, and update line 11 of the file `./flux-system/gotk-sync.yaml` to the new https git address. Also make note of line 10 'branch'; this is the branch of the repository which Flux will monitor +In order to showcase the GitOps behaviour of the FluxCD toolkit you will require the ability to write to a repository. Fork this repository, and update line 11 of the file `./flux-system/gotk-sync.yaml` to the new https git address of your forked repository. Also make note of line 10 'branch'; this is the branch of the repository which Flux will monitor ## Deploy base Flux components ### Overview -This step will install the base Flux kubernetes components onto your kubernetes cluster. To inspect what is being applied, simply look through the contents of `./flux-system/gotk-components.yaml`. You will see a mix of Custom Resource Definitions, Service Accounts, Deployments, and other various components. After application is finished, you should see the following pods running: +This step will install the base Flux kubernetes components onto your kubernetes cluster. To inspect what is being applied, simply look through the contents of `./flux-system/gotk-components.yaml`. You will see a mix of Custom Resource Definitions, Service Accounts, Deployments, and other various components. After the application of these resource definitions is completed, you should see the following pods running: * Helm-Controller * Kustomize Controller diff --git a/flux-system/gotk-sync.yaml b/flux-system/gotk-sync.yaml index 64035fa..589f197 100644 --- a/flux-system/gotk-sync.yaml +++ b/flux-system/gotk-sync.yaml 
@@ -7,7 +7,7 @@ metadata: spec: interval: 1m0s ref: - branch: clean-up + branch: develop url: https://github.com/osodevops/kafka-gitops.git --- apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 diff --git a/kustomize/environments/sandbox/kafka.yaml b/kustomize/environments/sandbox/kafka.yaml index 710b6c7..ed1c269 100644 --- a/kustomize/environments/sandbox/kafka.yaml +++ b/kustomize/environments/sandbox/kafka.yaml @@ -3,7 +3,7 @@ kind: Kafka metadata: name: kafka spec: - replicas: 4 +# replicas: 4 configOverrides: server: - confluent.schema.registry.url=https://schemaregistry.sandbox.svc.cluster.local:8081 From a1be7ef8884697b3d23639223a43e1d92f84b4ce Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Thu, 1 Jul 2021 16:35:17 +0100 Subject: [PATCH 10/10] last commit before PR --- README.md | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index f365cb3..0892116 100644 --- a/README.md +++ b/README.md 
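Review bot: The GitRepository source follows the mutable branch `develop` on a `1m0s` interval, and nothing in the visible part of the object verifies commits, so whoever can push to that branch can change what runs in the cluster within about a minute. Consider adding a `verify:` block with `mode: head` and a `secretRef` to a secret holding the trusted public keys, and protecting the branch on the forge. The `url:` still points at the upstream osodevops repository although the README asks readers to substitute their fork; a comment such as `# replace with the https address of your fork` on that line would avoid syncing from a repository the reader does not control. The object's metadata begins outside this hunk.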
@@ -58,18 +58,31 @@ This next step will tell Flux what repository to monitor, and, within that repos ## Watch Flux in action! Now that we have flux monitoring the forked Git repository, let's demonstrate the GitOps behaviour! If everything has deployed successfully, you should see a healthy confluent stack looking like this: - - +```console +│ NAME PF READY RESTARTS STATUS IP NODE AGE │ +│ confluent-operator-global-7ffc5b469d-knmfj ● 1/1 0 Running 172.17.0.7 minikube 21m │ +│ connect-0 ● 1/1 0 Running 172.17.0.17 minikube 9m31s │ +│ controlcenter-0 ● 1/1 1 Running 172.17.0.11 minikube 21m │ +│ kafka-0 ● 1/1 3 Running 172.17.0.8 minikube 21m │ +│ kafka-1 ● 1/1 3 Running 172.17.0.10 minikube 21m │ +│ kafka-2 ● 1/1 3 Running 172.17.0.9 minikube 21m │ +│ ksqldb-0 ● 1/1 1 Running 172.17.0.12 minikube 21m │ +│ schemaregistry-0 ● 1/1 1 Running 172.17.0.14 minikube 21m │ +│ zookeeper-0 ● 1/1 0 Running 172.17.0.15 minikube 21m │ +│ zookeeper-1 ● 1/1 0 Running 172.17.0.16 minikube 21m │ +│ zookeeper-2 ● 1/1 0 Running 172.17.0.13 minikube 21m │ +│ +``` To exhibit Flux, let's change our kafka replicas from the default of 3, to 4: -* In the file `./kustomize/environments/sandbox/kafka.yaml` uncomment the line `# replicas: 4`, commit that change to your repository (git), and push upstream. The next time flux performs a 'sync' (observable in the 'source controller' logs), it will not the change to the kafka spec, +* In the file `./kustomize/environments/sandbox/kafka.yaml` uncomment the line `# replicas: 4`, commit that change to your repository (git), and push upstream. The next time flux performs a 'sync' (observable in the 'source controller' logs), it will the change to the kafka spec, and in turn increase our kafka cluster from size '3' to '4'. ## Develop Locally -If you want to test configuration out locally without the need to push up to git (i.e. 
testing locally Minikube), the deployment can be replicated very simply: +If you want to test configuration out locally without the need to push up to git (i.e. testing locally with Minikube), the deployment can be replicated very simply: * Navigate to `./flux-system` * Run `kubectl apply -f gotk-components.yaml` -**instead of deploying the gotk-sync.yaml, we'll perform the kubectl kustomize applies.** +**instead of deploying the gotk-sync.yaml, we'll perform the kubectl kustomize applies ourselves.** * Navigate to `./kustomize/operator` * Run `kubectl apply -k .`