From 4271b58b2b9dc3b7e9cad5050c6d90cb1d48a9ea Mon Sep 17 00:00:00 2001 From: Sion Smith Date: Wed, 12 May 2021 14:31:40 +0100 Subject: [PATCH 01/11] added initial docs --- README.md | 51 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 49 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d9cd47e..5602764 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,49 @@ -# kakfa-gitops -A Kafka GitOps workflow example for multi-env deployments with Flux, Kustomize, Helm and Confluent Operator +# GitOps for Apache Kafka Example + +For this example we assume a single clusters simulated a production environment. The end goal is to leverage Flux and Kustomize to manage [Confluent Operator for Kubernetes](https://github.com/confluentinc/operator-earlyaccess). You can extend the with another cluster while minimizing duplicated declarations. + +We will configure [Flux](https://fluxcd.io/) to install, deploy and config the [Confluent Platform](https://www.confluent.io/product/confluent-platform) using their private `HelmRepository` and `HelmRelease` custom resources. +Flux will monitor the Helm repository, and it will automatically upgrade the Helm releases to their latest chart version based on semver ranges. + +You may find this project helpful by simply referencing the documentation, code, and strategies for managing Kafka resources on Kubernetes. Additionally, if you just wish to operate a working example of the new Confluent operator, the following usage instructions will guide you. + +## Prerequisites +You will need a Kubernetes cluster version 1.16 or newer and kubectl version 1.18. + +In order to follow the guide you'll need a GitHub account and a +[personal access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) +that can create repositories (check all permissions under `repo`). 
+ +Install the Flux CLI on MacOS and Linux using Homebrew: + +```sh +brew install fluxcd/tap/flux +``` + +Or install the CLI by downloading precompiled binaries using a Bash script: + +```sh +curl -s https://fluxcd.io/install.sh | sudo bash +``` + +## Repository structure + +The Git repository contains the following top directories: + +- **apps** dir contains Helm releases with a custom configuration per cluster +- **infrastructure** dir contains common infra tools such as Confluent Operator, example LDAP controller and Helm repository definitions +- **clusters** dir contains the Flux configuration per cluster + +``` +├── apps +│ ├── base +│ │ ├── kafka +│ │ └── rolebindings +│ ├── production +├── infrastructure +│ ├── confluent +│ ├── sources +│ └── tools +└── clusters + └── production +``` \ No newline at end of file From f68ec4c44c81cc5fb48553580c1075ce67478fea Mon Sep 17 00:00:00 2001 From: Sion Smith Date: Wed, 12 May 2021 16:27:31 +0100 Subject: [PATCH 02/11] setup instructions --- README.md | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 80 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 5602764..32e1257 100644 --- a/README.md +++ b/README.md 
@@ -20,12 +20,13 @@ Install the Flux CLI on MacOS and Linux using Homebrew: brew install fluxcd/tap/flux ``` -Or install the CLI by downloading precompiled binaries using a Bash script: - -```sh -curl -s https://fluxcd.io/install.sh | sudo bash +Install the Confluent CLI +```she +curl -sL --http1.1 https://cnfl.io/cli | sh -s -- latest ``` +Get early access by registering interest here: [Confluent Operator Early Access Registration](https://events.confluent.io/confluentoperatorearlyaccess) For this Early Access program, you will have received an API key (associated with your email address) to the Confluent JFrog Artifactory. This is required to pull down the Helm charts and Confluent Docker images. + ## Repository structure The Git repository contains the following top directories: 
@@ -46,4 +47,79 @@ The Git repository contains the following top directories: │ └── tools └── clusters └── production +``` +### /apps +The apps configuration contains all the Confluent Platform configuration and is structured into: + +- **apps/base/kakfa/** dir common values for all clusters: namespaces, certificates, secrets, Confluent components via Helm release definitions and Deployments +- **apps/base/rolebings/** dir contains the common RBAC bindings for all deployments +- **apps/production/** dir contains the production values + +### /infrastructure +The infrastructure `sources` folder contains the [Flux Source Controller](https://fluxcd.io/docs/components/source/) configuration and some common tooling which is required for this Confluent LDAP / RBAC example. +```yaml +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: HelmRepository +metadata: + name: confluent-private + namespace: flux-system +spec: + url: https://confluent.jfrog.io/confluent/helm-early-access-operator-2 + secretRef: + name: https-credentials + interval: 5m +``` +Note secretRef: The Confluent helm repository is private and requires a username and password which we must create. +Note that with interval: 5m we configure Flux to pull the Helm repository index every five minutes. If the index contains a new chart version that matches a HelmRelease semver range, Flux will upgrade the release. + +The `confluent` folder contains the Helm release which is performed by the [Helm Controller](https://fluxcd.io/docs/components/helm/helmreleases/) and also requires access to the private Docker registry to pull down the Confluent images. 
+```yaml +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: confluent + namespace: confluent +spec: + interval: 1m + chart: + spec: + chart: confluent-for-kubernetes + sourceRef: + kind: HelmRepository + name: confluent-private + namespace: flux-system + values: + image: + registry: confluent-docker-internal-early-access-operator-2.jfrog.io +``` +Note: The Helm automatically looks for a secret called `confluent-registry` which we must create in the confluent namespace. + +## Setup +Following this example, you'll set up secure Confluent Platform clusters with SASL PLAIN authentication, role-based access control (RBAC) authorization, and inter-component TLS. The clusters dir contains the Kustomization definitions:: +``` +./clusters/ +└── production + ├── apps.yaml + └── infrastructure.yaml +``` +1. Using GitOps will require the FluxCD toolkit to have read and write access to the repository. For your own local version, you must create a fork of this repository and clone it locally; otherwise, the GitOps automation will not be authorized to read and write from the repository. Fork this repository on your personal GitHub account and export your GitHub access token, username and repo name: +```sh +export GITHUB_TOKEN= +export GITHUB_USER= +export GITHUB_REPO= +``` + +2. After forking and cloning the repository, navigate to the project root and verify that your production cluster folder satisfies the prerequisites with: +```sh +flux check --pre +``` + +3. Flux will now need connectivity do your cluster, ensure the correct kubectl context to your cluster and bootstrap Flux: +```sh +flux bootstrap github \ + --owner=${GITHUB_USER} \ + --repository=${GITHUB_REPO} \ + --branch=main \ + --personal \ + --path=clusters/production ``` \ No newline at end of file From b1bef20f1b89391301598f037a110ea1a210d515 Mon Sep 17 00:00:00 2001 
From: Sion Smith Date: Thu, 13 May 2021 13:08:01 +0100 Subject: [PATCH 03/11] added setup instructions --- README.md | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 32e1257..5559f0a 100644 --- a/README.md +++ b/README.md @@ -122,4 +122,22 @@ flux bootstrap github \ --branch=main \ --personal \ --path=clusters/production -``` \ No newline at end of file +``` + +4. The source controller will be unable to pull the Helm chart or connect to the Docker registry. You now should create the following secrets using Confluent early access credentials: +```sh +export USER= +export APIKEY= +export EMAIL= + +kubectl create secret docker-registry confluent-registry -n confluent \ + --docker-server=confluent-docker-internal-early-access-operator-2.jfrog.io \ + --docker-username=$EMAIL \ + --docker-password=$APIKEY \ + --docker-email=$EMAIL + +``` +Watch for the Helm releases being installed in production cluster: + +```console +$ watch flux get helmreleases --all-namespaces \ No newline at end of file From 854ebad2418a460a798da4c492738c9cf4174523 Mon Sep 17 00:00:00 2001 
From: BoySherman Date: Thu, 20 May 2021 10:52:06 +0100 Subject: [PATCH 04/11] Develop andrewmccully (#3) Massive rework of kustomize procerss --- .gitignore | 5 + GETTINGSTARTED.md | 68 - MANUAL_PROCESS.md | 22 + README.md | 15 +- clusters/production/apps.yaml | 15 - clusters/production/infrastucture.yaml | 17 - flux-system/gotk-components.yaml | 2831 +++++++++++++++++ flux-system/gotk-sync.yaml | 47 + .../kustomization.yaml | 4 +- infrastructure/sources/confluent.yaml | 23 - infrastructure/tools/kustomization.yaml | 7 - kustom.yaml | 32 + kustomization.yaml | 4 + .../base/confluent-suite/broker}/kafka.yaml | 2 - .../broker}/kustomization.yaml | 1 - .../rolebindings/connect/connect-base.yaml | 3 - .../rolebindings/connect/connect-groups.yaml | 1 - .../rolebindings/connect/connect-topics.yaml | 1 - .../rolebindings/connect/kustomization.yaml | 0 .../controlcenter/controlcentre-base.yaml | 1 - .../controlcenter/controlcentre-clusters.yaml | 3 - .../controlcenter/kustomization.yaml | 0 .../rolebindings/ksqldb/ksqldb-base.yaml | 2 - .../rolebindings/ksqldb/ksqldb-cluster.yaml | 1 - .../rolebindings/ksqldb/ksqldb-groups.yaml | 1 - .../ksqldb/ksqldb-ksqlcluster.yaml | 1 - .../rolebindings/ksqldb/ksqldb-topics.yaml | 1 - .../ksqldb/ksqldb-transaction.yaml | 1 - .../rolebindings/ksqldb/kustomization.yaml | 0 .../rolebindings/kustomization.yaml | 0 .../ldap/groups/kustomization.yaml | 0 .../rolebindings/ldap/groups/ldap-groups.yaml | 6 - .../rolebindings/ldap}/kustomization.yaml | 5 +- .../ldap/users/kustomization.yaml | 0 .../rolebindings/ldap/users/ldap-users.yaml | 0 .../schemaregistry/kustomization.yaml | 0 .../schemaregistry/schemaregistry-base.yaml | 2 +- .../schemaregistry/schemaregistry-groups.yaml | 0 .../schemaregistry/schemaregistry-topics.yaml | 0 .../secrets/c3-mds-client.yaml | 7 + .../secrets/connect-mds-client.yaml | 7 + .../confluent-suite/secrets/credential.yaml | 14 + .../secrets/ksqldb-mds-client.yaml | 7 + .../secrets/kustomization.yaml | 11 + 
.../confluent-suite/secrets/mds-client.yaml | 7 + .../confluent-suite/secrets/mds-token.yaml | 8 + .../secrets/rest-credential.yaml | 9 + .../secrets/sr-mds-client.yaml | 7 + .../zookeeper}/certificates.yaml | 8 - .../zookeeper/kustomization.yaml | 5 + .../confluent-suite/zookeeper}/zookeeper.yaml | 1 - kustomize/base/confluent/certificates.yaml | 108 + .../base/confluent}/control-centre.yaml | 1 - .../base/confluent}/kafka-connect.yaml | 1 - kustomize/base/confluent/kafka.yaml | 122 + .../base/confluent}/ksqldb.yaml | 1 - kustomize/base/confluent/kustomization.yaml | 11 + .../base/confluent}/rest-proxy.yaml | 25 +- .../base/confluent}/schema-registry.yaml | 21 +- kustomize/base/confluent/zookeeper.yaml | 18 + {apps => kustomize}/base/kustomization.yaml | 3 +- .../rolebindings/connect/connect-base.yaml | 44 + .../rolebindings/connect/connect-groups.yaml | 16 + .../rolebindings/connect/connect-topics.yaml | 25 + .../rolebindings/connect/kustomization.yaml | 7 + .../controlcenter/controlcentre-base.yaml | 9 + .../controlcenter/controlcentre-clusters.yaml | 35 + .../controlcenter/kustomization.yaml | 6 + .../base/rolebindings/ksqldb/ksqldb-base.yaml | 29 + .../rolebindings/ksqldb/ksqldb-cluster.yaml | 14 + .../rolebindings/ksqldb/ksqldb-groups.yaml | 13 + .../ksqldb/ksqldb-ksqlcluster.yaml | 16 + .../rolebindings/ksqldb/ksqldb-topics.yaml | 19 + .../ksqldb/ksqldb-transaction.yaml | 13 + .../rolebindings/ksqldb/kustomization.yaml | 10 + .../base/rolebindings/kustomization.yaml | 9 + .../ldap/groups}/kustomization.yaml | 3 +- .../rolebindings/ldap/groups/ldap-groups.yaml | 77 + .../base/rolebindings/ldap/kustomization.yaml | 5 + .../ldap/users}/kustomization.yaml | 3 +- .../rolebindings/ldap/users/ldap-users.yaml | 0 .../schemaregistry/kustomization.yaml | 7 + .../schemaregistry/schemaregistry-base.yaml | 33 + .../schemaregistry/schemaregistry-groups.yaml | 17 + .../schemaregistry/schemaregistry-topics.yaml | 14 + kustomize/base/secrets/c3-mds-client.yaml | 7 + 
.../base/secrets/connect-mds-client.yaml | 7 + kustomize/base/secrets/credential.yaml | 14 + kustomize/base/secrets/ksqldb-mds-client.yaml | 7 + kustomize/base/secrets/kustomization.yaml | 11 + kustomize/base/secrets/mds-client.yaml | 7 + kustomize/base/secrets/mds-token.yaml | 8 + kustomize/base/secrets/rest-credential.yaml | 9 + kustomize/base/secrets/sr-mds-client.yaml | 7 + kustomize/base/topics/foobar.yaml | 7 + kustomize/base/topics/topic2.yaml | 7 + .../environments/dev/control-centre.yaml | 11 + kustomize/environments/dev/kafka-connect.yaml | 11 + kustomize/environments/dev/kafka.yaml | 11 + kustomize/environments/dev/ksqldb.yaml | 11 + kustomize/environments/dev/kustomization.yaml | 10 + .../environments/dev}/namespace.yaml | 2 +- .../environments/dev/schema-registry.yaml | 11 + kustomize/environments/kustomization.yaml | 4 + .../production/control-centre.yaml | 11 + .../production/kafka-connect.yaml | 11 + kustomize/environments/production/kafka.yaml | 11 + kustomize/environments/production/ksqldb.yaml | 11 + .../production/kustomization.yaml | 10 + .../environments/production/namespace.yaml | 4 + .../production/schema-registry.yaml | 11 + .../environments/staging/control-centre.yaml | 11 + .../environments/staging/kafka-connect.yaml | 11 + kustomize/environments/staging/kafka.yaml | 11 + kustomize/environments/staging/ksqldb.yaml | 11 + .../environments/staging/kustomization.yaml | 12 + .../environments/staging}/namespace.yaml | 2 +- .../environments/staging/schema-registry.yaml | 11 + .../confluent-operator-credentials.yaml | 8 + .../confluent-operator-helm-release-dev.yaml | 5 +- ...uent-operator-helm-release-production.yaml | 17 + ...nfluent-operator-helm-release-staging.yaml | 17 + kustomize/infrastructure/kustomization.yaml | 10 + .../infrastructure}/ldap.yaml | 0 kustomize/infrastructure/namespaces.yaml | 19 + .../infrastructure}/proxy.yaml | 1 + resources/application-secrets/README.md | 2 + .../certs/mds-publickey.txt | 0 
.../certs/mds-tokenkeypair.txt | 0 .../application-secrets/populate_secrets.sh | 43 + .../users/bearer.txt | 0 .../users/c3-mds-client.txt | 0 .../users/connect-mds-client.txt | 0 .../users/creds-client-kafka-sasl-user.txt | 0 .../users/creds-control-center-users.txt | 0 .../users/creds-kafka-sasl-users.json | 0 .../creds-kafka-zookeeper-credentials.txt | 0 .../creds-zookeeper-sasl-digest-users.json | 0 .../users/ksqldb-mds-client.txt | 0 .../{ => application-secrets}/users/ldap.txt | 0 .../users/sr-mds-client.txt | 0 resources/git/git_repo.sh | 6 + resources/populate_secrets.sh | 31 - tldr.sh | 2 +- 144 files changed, 4157 insertions(+), 252 deletions(-) create mode 100644 .gitignore delete mode 100644 GETTINGSTARTED.md create mode 100644 MANUAL_PROCESS.md delete mode 100644 clusters/production/apps.yaml delete mode 100644 clusters/production/infrastucture.yaml create mode 100644 flux-system/gotk-components.yaml create mode 100644 flux-system/gotk-sync.yaml rename {infrastructure/sources => flux-system}/kustomization.yaml (64%) delete mode 100644 infrastructure/sources/confluent.yaml delete mode 100644 infrastructure/tools/kustomization.yaml create mode 100644 kustom.yaml create mode 100644 kustomization.yaml rename {apps/base/kafka => kustomize/base/confluent-suite/broker}/kafka.yaml (99%) rename {apps/base/kafka => kustomize/base/confluent-suite/broker}/kustomization.yaml (91%) rename {apps/base => kustomize/base/confluent-suite}/rolebindings/connect/connect-base.yaml (93%) rename {apps/base => kustomize/base/confluent-suite}/rolebindings/connect/connect-groups.yaml (93%) rename {apps/base => kustomize/base/confluent-suite}/rolebindings/connect/connect-topics.yaml (96%) rename {apps/base => kustomize/base/confluent-suite}/rolebindings/connect/kustomization.yaml (100%) rename {apps/base => kustomize/base/confluent-suite}/rolebindings/controlcenter/controlcentre-base.yaml (88%) rename {apps/base => 
kustomize/base/confluent-suite}/rolebindings/controlcenter/controlcentre-clusters.yaml (91%) rename {apps/base => kustomize/base/confluent-suite}/rolebindings/controlcenter/kustomization.yaml (100%) rename {apps/base => kustomize/base/confluent-suite}/rolebindings/ksqldb/ksqldb-base.yaml (93%) rename {apps/base => kustomize/base/confluent-suite}/rolebindings/ksqldb/ksqldb-cluster.yaml (93%) rename {apps/base => kustomize/base/confluent-suite}/rolebindings/ksqldb/ksqldb-groups.yaml (92%) rename {apps/base => kustomize/base/confluent-suite}/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml (93%) rename {apps/base => kustomize/base/confluent-suite}/rolebindings/ksqldb/ksqldb-topics.yaml (95%) rename {apps/base => kustomize/base/confluent-suite}/rolebindings/ksqldb/ksqldb-transaction.yaml (92%) rename {apps/base => kustomize/base/confluent-suite}/rolebindings/ksqldb/kustomization.yaml (100%) rename {apps/base => kustomize/base/confluent-suite}/rolebindings/kustomization.yaml (100%) rename {apps/base => kustomize/base/confluent-suite}/rolebindings/ldap/groups/kustomization.yaml (100%) rename {apps/base => kustomize/base/confluent-suite}/rolebindings/ldap/groups/ldap-groups.yaml (92%) rename {infrastructure => kustomize/base/confluent-suite/rolebindings/ldap}/kustomization.yaml (68%) rename {apps/base => kustomize/base/confluent-suite}/rolebindings/ldap/users/kustomization.yaml (100%) rename {apps/base => kustomize/base/confluent-suite}/rolebindings/ldap/users/ldap-users.yaml (100%) rename {apps/base => kustomize/base/confluent-suite}/rolebindings/schemaregistry/kustomization.yaml (100%) rename {apps/base => kustomize/base/confluent-suite}/rolebindings/schemaregistry/schemaregistry-base.yaml (92%) rename {apps/base => kustomize/base/confluent-suite}/rolebindings/schemaregistry/schemaregistry-groups.yaml (100%) rename {apps/base => kustomize/base/confluent-suite}/rolebindings/schemaregistry/schemaregistry-topics.yaml (100%) create mode 100644 
kustomize/base/confluent-suite/secrets/c3-mds-client.yaml create mode 100644 kustomize/base/confluent-suite/secrets/connect-mds-client.yaml create mode 100644 kustomize/base/confluent-suite/secrets/credential.yaml create mode 100644 kustomize/base/confluent-suite/secrets/ksqldb-mds-client.yaml create mode 100644 kustomize/base/confluent-suite/secrets/kustomization.yaml create mode 100644 kustomize/base/confluent-suite/secrets/mds-client.yaml create mode 100644 kustomize/base/confluent-suite/secrets/mds-token.yaml create mode 100644 kustomize/base/confluent-suite/secrets/rest-credential.yaml create mode 100644 kustomize/base/confluent-suite/secrets/sr-mds-client.yaml rename {apps/base/kafka => kustomize/base/confluent-suite/zookeeper}/certificates.yaml (99%) create mode 100644 kustomize/base/confluent-suite/zookeeper/kustomization.yaml rename {apps/base/kafka => kustomize/base/confluent-suite/zookeeper}/zookeeper.yaml (94%) create mode 100644 kustomize/base/confluent/certificates.yaml rename {apps/base/kafka => kustomize/base/confluent}/control-centre.yaml (97%) rename {apps/base/kafka => kustomize/base/confluent}/kafka-connect.yaml (98%) create mode 100644 kustomize/base/confluent/kafka.yaml rename {apps/base/kafka => kustomize/base/confluent}/ksqldb.yaml (97%) create mode 100644 kustomize/base/confluent/kustomization.yaml rename {apps/base/kafka => kustomize/base/confluent}/rest-proxy.yaml (91%) rename {apps/base/kafka => kustomize/base/confluent}/schema-registry.yaml (76%) create mode 100644 kustomize/base/confluent/zookeeper.yaml rename {apps => kustomize}/base/kustomization.yaml (77%) create mode 100644 kustomize/base/rolebindings/connect/connect-base.yaml create mode 100644 kustomize/base/rolebindings/connect/connect-groups.yaml create mode 100644 kustomize/base/rolebindings/connect/connect-topics.yaml create mode 100644 kustomize/base/rolebindings/connect/kustomization.yaml create mode 100644 kustomize/base/rolebindings/controlcenter/controlcentre-base.yaml 
create mode 100644 kustomize/base/rolebindings/controlcenter/controlcentre-clusters.yaml create mode 100644 kustomize/base/rolebindings/controlcenter/kustomization.yaml create mode 100644 kustomize/base/rolebindings/ksqldb/ksqldb-base.yaml create mode 100644 kustomize/base/rolebindings/ksqldb/ksqldb-cluster.yaml create mode 100644 kustomize/base/rolebindings/ksqldb/ksqldb-groups.yaml create mode 100644 kustomize/base/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml create mode 100644 kustomize/base/rolebindings/ksqldb/ksqldb-topics.yaml create mode 100644 kustomize/base/rolebindings/ksqldb/ksqldb-transaction.yaml create mode 100644 kustomize/base/rolebindings/ksqldb/kustomization.yaml create mode 100644 kustomize/base/rolebindings/kustomization.yaml rename {apps/base/rolebindings/ldap => kustomize/base/rolebindings/ldap/groups}/kustomization.yaml (82%) create mode 100644 kustomize/base/rolebindings/ldap/groups/ldap-groups.yaml create mode 100644 kustomize/base/rolebindings/ldap/kustomization.yaml rename {infrastructure/confluent => kustomize/base/rolebindings/ldap/users}/kustomization.yaml (67%) create mode 100644 kustomize/base/rolebindings/ldap/users/ldap-users.yaml create mode 100644 kustomize/base/rolebindings/schemaregistry/kustomization.yaml create mode 100644 kustomize/base/rolebindings/schemaregistry/schemaregistry-base.yaml create mode 100644 kustomize/base/rolebindings/schemaregistry/schemaregistry-groups.yaml create mode 100644 kustomize/base/rolebindings/schemaregistry/schemaregistry-topics.yaml create mode 100644 kustomize/base/secrets/c3-mds-client.yaml create mode 100644 kustomize/base/secrets/connect-mds-client.yaml create mode 100644 kustomize/base/secrets/credential.yaml create mode 100644 kustomize/base/secrets/ksqldb-mds-client.yaml create mode 100644 kustomize/base/secrets/kustomization.yaml create mode 100644 kustomize/base/secrets/mds-client.yaml create mode 100644 kustomize/base/secrets/mds-token.yaml create mode 100644 
kustomize/base/secrets/rest-credential.yaml create mode 100644 kustomize/base/secrets/sr-mds-client.yaml create mode 100644 kustomize/base/topics/foobar.yaml create mode 100644 kustomize/base/topics/topic2.yaml create mode 100644 kustomize/environments/dev/control-centre.yaml create mode 100644 kustomize/environments/dev/kafka-connect.yaml create mode 100644 kustomize/environments/dev/kafka.yaml create mode 100644 kustomize/environments/dev/ksqldb.yaml create mode 100644 kustomize/environments/dev/kustomization.yaml rename {infrastructure/tools => kustomize/environments/dev}/namespace.yaml (75%) create mode 100644 kustomize/environments/dev/schema-registry.yaml create mode 100644 kustomize/environments/kustomization.yaml create mode 100644 kustomize/environments/production/control-centre.yaml create mode 100644 kustomize/environments/production/kafka-connect.yaml create mode 100644 kustomize/environments/production/kafka.yaml create mode 100644 kustomize/environments/production/ksqldb.yaml create mode 100644 kustomize/environments/production/kustomization.yaml create mode 100644 kustomize/environments/production/namespace.yaml create mode 100644 kustomize/environments/production/schema-registry.yaml create mode 100644 kustomize/environments/staging/control-centre.yaml create mode 100644 kustomize/environments/staging/kafka-connect.yaml create mode 100644 kustomize/environments/staging/kafka.yaml create mode 100644 kustomize/environments/staging/ksqldb.yaml create mode 100644 kustomize/environments/staging/kustomization.yaml rename {infrastructure/confluent => kustomize/environments/staging}/namespace.yaml (70%) create mode 100644 kustomize/environments/staging/schema-registry.yaml create mode 100644 kustomize/infrastructure/confluent-operator-credentials.yaml rename infrastructure/confluent/confluent-operator.yaml => kustomize/infrastructure/confluent-operator-helm-release-dev.yaml (74%) create mode 100644 
kustomize/infrastructure/confluent-operator-helm-release-production.yaml create mode 100644 kustomize/infrastructure/confluent-operator-helm-release-staging.yaml create mode 100644 kustomize/infrastructure/kustomization.yaml rename {infrastructure/tools => kustomize/infrastructure}/ldap.yaml (100%) create mode 100644 kustomize/infrastructure/namespaces.yaml rename {infrastructure/tools => kustomize/infrastructure}/proxy.yaml (93%) create mode 100644 resources/application-secrets/README.md rename resources/{ => application-secrets}/certs/mds-publickey.txt (100%) rename resources/{ => application-secrets}/certs/mds-tokenkeypair.txt (100%) create mode 100755 resources/application-secrets/populate_secrets.sh rename resources/{ => application-secrets}/users/bearer.txt (100%) rename resources/{ => application-secrets}/users/c3-mds-client.txt (100%) rename resources/{ => application-secrets}/users/connect-mds-client.txt (100%) rename resources/{ => application-secrets}/users/creds-client-kafka-sasl-user.txt (100%) rename resources/{ => application-secrets}/users/creds-control-center-users.txt (100%) rename resources/{ => application-secrets}/users/creds-kafka-sasl-users.json (100%) rename resources/{ => application-secrets}/users/creds-kafka-zookeeper-credentials.txt (100%) rename resources/{ => application-secrets}/users/creds-zookeeper-sasl-digest-users.json (100%) rename resources/{ => application-secrets}/users/ksqldb-mds-client.txt (100%) rename resources/{ => application-secrets}/users/ldap.txt (100%) rename resources/{ => application-secrets}/users/sr-mds-client.txt (100%) create mode 100755 resources/git/git_repo.sh delete mode 100755 resources/populate_secrets.sh diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..84a29c8 --- /dev/null +++ b/.gitignore @@ -0,0 +1,5 @@ +.idea +sensitive-* +identity +identity.pub +known_hosts \ No newline at end of file 
diff --git a/GETTINGSTARTED.md b/GETTINGSTARTED.md deleted file mode 100644 index 8a57fb7..0000000 --- a/GETTINGSTARTED.md +++ /dev/null 
@@ -1,68 +0,0 @@ -### Getting Started - -#### Install secrets -To install the secrets required by RBAC/Confluent, run the script: `$./populate_secrets.sh`. This will create secrets based on the sources found in `./resources/certs` & `./resources/users` - - - -In order to access the Confluent early-access operator you must register at https://events.confluent.io/confluentoperatorearlyaccess. Once these credentials have been obtained, export them as the following environment variables: - -``` -export USER= -export APIKEY= -export EMAIL= -export GITHUB_USER= -``` - - -#### Bootstrap Flux v2 -``` -flux bootstrap github \ ---context=minikube \ ---owner=${GITHUB_USER} \ ---repository=kakfa-gitops \ ---path=clusters/dev \ ---branch=andrew \ ---personal -``` - -### Deploy secrets for Confluent Operator Early-Access Docker Regsitry - -``` -kubectl create secret -n confluent docker-registry confluent-registry \ ---docker-server=confluent-docker-internal-early-access-operator-2.jfrog.io \ ---docker-username=$USER \ ---docker-password=$APIKEY \ ---docker-email=$EMAIL && \ -kubectl create secret -n flux-system generic https-credentials \ ---from-literal=username=$USER \ ---from-literal=password=$APIKEY -``` - - -To deploy the operator, ensure 'kubectl' is pointing to the correct context, and run `$ source ./install_operator.sh`. 
- -To verify the operator has installed successfully, run kubectl `get pods -n confluent` where you should see: - -``` -NAMESPACE NAME READY STATUS RESTARTS AGE -confluent confluent-operator-5b99cdd9d9-pcx2p 1/1 Running 0 3m44s -``` - - -#### Useful commands - -* Force Flux Reconciliation -`flux reconcile source git flux-system` - -* Decode secrets -`kubectl get secrets -n flux-system https-credentials -o json | jq '.data | map_values(@base64d)'` - -* Access Control Centre -`kubectl port-forward -n confluent controlcenter-0 9021:9021` - -Log in with: c3/c3-secret - -* Test LDAP -`kubectl exec -it -n tools ldap -- bash` -ldapsearch -LLL -x -H ldap://ldap.tools.svc.cluster.local:389 -b 'dc=test,dc=com' -D "cn=mds,dc=test,dc=com" -w 'Developer!' \ No newline at end of file diff --git a/MANUAL_PROCESS.md b/MANUAL_PROCESS.md new file mode 100644 index 0000000..ba07cab --- /dev/null +++ b/MANUAL_PROCESS.md @@ -0,0 +1,22 @@ +## Deploy base Flux components +* Navigate to ./flux-system +* Run `kubectl apply -f gotk-components.yaml` + +## Add GitHub Deploy Key +* Navigate to ./resources/git +* Generate identity, identity.pub, knownhosts file +* Add identity.pub to 'deploy keys' in github +* run git_repo.sh + +[comment]: <> (## Deploy confluent-helm chart secrets) + +[comment]: <> (* Navigate to ./resources/confluent-helm) + +[comment]: <> (* Set ENV Vars) + +[comment]: <> (* run `senstive_secrets.sh`) + +## Deploy Flux Sync +* Navigate to ./flux-system +* run `kubectl apply -f gotk-sync.yaml` + diff --git a/README.md b/README.md index b69ea80..6d3bfde 100644 --- a/README.md +++ b/README.md @@ -106,7 +106,7 @@ Following this example, you'll set up secure Confluent Platform clusters with SA ```sh export GITHUB_TOKEN= export GITHUB_USER= -export GITHUB_REPO= +export GITHUB_REPO= ``` 2. After forking and cloning the repository, navigate to the project root and verify that your production cluster folder satisfies the prerequisites with: 
@@ -123,6 +123,16 @@ flux bootstrap github \ --personal \ --path=clusters/production ``` + +```sh +flux bootstrap github \ + --owner=${GITHUB_USER} \ + --repository=${GITHUB_REPO} \ + --branch=develop-andrewmccully \ + --personal \ + --path=kustomize +``` + 4. Deploy the secrets required by the application. The secrets referenced in `./resources/populate_secrets.sh` will match up to the LDAP/LDIFs located at `./infrastructure/tools/ldap.yaml` ```sh ./resources/populate_secrets.sh @@ -134,7 +144,7 @@ export USER= export APIKEY= export EMAIL= -kubectl create secret docker-registry confluent-registry -n confluent \ +kubectl create secret docker-registry confluent-registry -n dev \ --docker-server=confluent-docker-internal-early-access-operator-2.jfrog.io \ --docker-username=$USER \ --docker-password=$APIKEY \ @@ -159,6 +169,7 @@ $ watch flux get helmreleases --all-namespaces * Decode secrets `kubectl get secrets -n flux-system https-credentials -o json | jq '.data | map_values(@base64d)'` + `kubectl get secrets -n flux-system flux-system -o json | jq '.data | map_values(@base64d)'` * Access Control Centre `kubectl port-forward -n confluent controlcenter-0 9021:9021`. The web UI credentials will be c3/c3-secret (as defined by the populated secrets) diff --git a/clusters/production/apps.yaml b/clusters/production/apps.yaml deleted file mode 100644 index 638de80..0000000 --- a/clusters/production/apps.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 -kind: Kustomization -metadata: - name: dev - namespace: flux-system -spec: - interval: 1m -# dependsOn: -# - name: infrastucture - sourceRef: - kind: GitRepository - name: flux-system - prune: true - path: ./apps/base - validation: client diff --git a/clusters/production/infrastucture.yaml b/clusters/production/infrastucture.yaml deleted file mode 100644 index ad290f3..0000000 --- a/clusters/production/infrastucture.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 -kind: Kustomization -metadata: - name: infrastructure - namespace: flux-system -spec: - interval: 1m - sourceRef: - kind: GitRepository - name: flux-system - namespace: flux-system - healthChecks: - - kind: Pod - name: ldap - namespace: tools - path: ./infrastructure - prune: true diff --git a/flux-system/gotk-components.yaml b/flux-system/gotk-components.yaml new file mode 100644 index 0000000..376dba2 --- /dev/null +++ b/flux-system/gotk-components.yaml 
@@ -0,0 +1,2831 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: flux-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: alerts.notification.toolkit.fluxcd.io +spec: + group: notification.toolkit.fluxcd.io + names: + kind: Alert + listKind: AlertList + plural: alerts + singular: alert + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Alert is the Schema for the alerts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AlertSpec defines an alerting rule for events involving a list of objects + properties: + eventSeverity: + default: info + description: Filter events based on severity, defaults to ('info'). If set to 'info' no events will be filtered. + enum: + - info + - error + type: string + eventSources: + description: Filter events based on the involved objects. + items: + description: CrossNamespaceObjectReference contains enough information to let you locate the typed referenced object at cluster level + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - Bucket + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + - ImageRepository + - ImagePolicy + - ImageUpdateAutomation + type: string + name: + description: Name of the referent + maxLength: 53 + minLength: 1 + type: string + namespace: + description: Namespace of the referent + maxLength: 53 + minLength: 1 + type: string + required: + - name + type: object + type: array + exclusionList: + description: A list of Golang regular expressions to be used for excluding messages. + items: + type: string + type: array + providerRef: + description: Send events using this provider. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + summary: + description: Short description of the impact and affected cluster. + type: string + suspend: + description: This flag tells the controller to suspend subsequent events dispatching. Defaults to false. 
+ type: boolean + required: + - eventSources + - providerRef + type: object + status: + description: AlertStatus defines the observed state of Alert + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. 
This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: buckets.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: Bucket + listKind: BucketList + plural: buckets + singular: bucket + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: 
date + name: v1beta1 + schema: + openAPIV3Schema: + description: Bucket is the Schema for the buckets API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BucketSpec defines the desired state of an S3 compatible bucket + properties: + bucketName: + description: The bucket name. + type: string + endpoint: + description: The bucket endpoint address. + type: string + ignore: + description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are. + type: string + insecure: + description: Insecure allows connecting to a non-TLS S3 HTTP endpoint. + type: boolean + interval: + description: The interval at which to check for bucket updates. + type: string + provider: + default: generic + description: The S3 compatible storage provider name, default ('generic'). + enum: + - generic + - aws + type: string + region: + description: The bucket region. + type: string + secretRef: + description: The name of the secret containing authentication credentials for the Bucket. 
+ properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation of this source. + type: boolean + timeout: + default: 20s + description: The timeout for download operations, defaults to 20s. + type: string + required: + - bucketName + - endpoint + - interval + type: object + status: + description: BucketStatus defines the observed state of a bucket + properties: + artifact: + description: Artifact represents the output of the last successful Bucket sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the Bucket. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. 
// Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
--- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the artifact output of the last Bucket sync. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: gitrepositories.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: GitRepository + listKind: GitRepositoryList + plural: gitrepositories + shortNames: + - gitrepo + singular: gitrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: 
v1beta1 + schema: + openAPIV3Schema: + description: GitRepository is the Schema for the gitrepositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GitRepositorySpec defines the desired state of a Git repository. + properties: + gitImplementation: + default: go-git + description: Determines which git client library to use. Defaults to go-git, valid values are ('go-git', 'libgit2'). + enum: + - go-git + - libgit2 + type: string + ignore: + description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are. + type: string + interval: + description: The interval at which to check for repository updates. + type: string + recurseSubmodules: + description: When enabled, after the clone is created, initializes all submodules within, using their default settings. This option is available only when using the 'go-git' GitImplementation. + type: boolean + ref: + description: The Git reference to checkout and monitor for changes, defaults to master branch. + properties: + branch: + default: master + description: The Git branch to checkout, defaults to master. 
+ type: string + commit: + description: The Git commit SHA to checkout, if specified Tag filters will be ignored. + type: string + semver: + description: The Git tag semver expression, takes precedence over Tag. + type: string + tag: + description: The Git tag to checkout, takes precedence over Branch. + type: string + type: object + secretRef: + description: The secret name containing the Git credentials. For HTTPS repositories the secret must contain username and password fields. For SSH repositories the secret must contain identity, identity.pub and known_hosts fields. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation of this source. + type: boolean + timeout: + default: 20s + description: The timeout for remote Git operations like cloning, defaults to 20s. + type: string + url: + description: The repository URL, can be a HTTP/S or SSH address. + pattern: ^(http|https|ssh):// + type: string + verify: + description: Verify OpenPGP signature for the Git commit HEAD points to. + properties: + mode: + description: Mode describes what git object should be verified, currently ('head'). + enum: + - head + type: string + secretRef: + description: The secret name containing the public keys of all trusted Git authors. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + required: + - mode + type: object + required: + - interval + - url + type: object + status: + description: GitRepositoryStatus defines the observed state of a Git repository. + properties: + artifact: + description: Artifact represents the output of the last successful repository sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. 
+ format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the GitRepository. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. 
+ format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the artifact output of the last repository sync. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: helmcharts.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: HelmChart + listKind: HelmChartList + plural: helmcharts + shortNames: + - hc + singular: helmchart + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.chart + name: Chart + type: string + - jsonPath: .spec.version + name: Version + type: string + - jsonPath: .spec.sourceRef.kind + name: Source Kind + type: string + - jsonPath: .spec.sourceRef.name + name: Source Name + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: HelmChart is the Schema for the helmcharts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmChartSpec defines the desired state of a Helm chart. + properties: + chart: + description: The name or path the Helm chart is available at in the SourceRef. + type: string + interval: + description: The interval at which to check the Source for updates. + type: string + sourceRef: + description: The reference to the Source the chart is available at. + properties: + apiVersion: + description: APIVersion of the referent. + type: string + kind: + description: Kind of the referent, valid values are ('HelmRepository', 'GitRepository', 'Bucket'). + enum: + - HelmRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + type: string + required: + - kind + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation of this source. + type: boolean + valuesFile: + description: Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Deprecated in favor of ValuesFiles, for backwards compatibility the file defined here is merged before the ValuesFiles items. Ignored when omitted. + type: string + valuesFiles: + description: Alternative list of values files to use as the chart values (values.yaml is not included by default), expected to be a relative path in the SourceRef. Values files are merged in the order of this list with the last file overriding the first. Ignored when omitted. + items: + type: string + type: array + version: + default: '*' + description: The chart version semver expression, ignored for charts from GitRepository and Bucket sources. Defaults to latest when omitted. + type: string + required: + - chart + - interval + - sourceRef + type: object + status: + description: HelmChartStatus defines the observed state of the HelmChart. 
+ properties: + artifact: + description: Artifact represents the output of the last successful chart sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the HelmChart. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the last chart pulled. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: helmreleases.helm.toolkit.fluxcd.io +spec: + group: helm.toolkit.fluxcd.io + names: + kind: HelmRelease + listKind: HelmReleaseList + plural: helmreleases + shortNames: + - hr + singular: helmrelease + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2beta1 + schema: + openAPIV3Schema: + description: HelmRelease is the Schema for the helmreleases API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmReleaseSpec defines the desired state of a Helm release. 
+ properties: + chart: + description: Chart defines the template of the v1beta1.HelmChart that should be created for this HelmRelease. + properties: + spec: + description: Spec holds the template for the v1beta1.HelmChartSpec for this HelmRelease. + properties: + chart: + description: The name or path the Helm chart is available at in the SourceRef. + type: string + interval: + description: Interval at which to check the v1beta1.Source for updates. Defaults to 'HelmReleaseSpec.Interval'. + type: string + sourceRef: + description: The name and namespace of the v1beta1.Source the chart is available at. + properties: + apiVersion: + description: APIVersion of the referent. + type: string + kind: + description: Kind of the referent. + enum: + - HelmRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: Namespace of the referent. + maxLength: 63 + minLength: 1 + type: string + required: + - name + type: object + valuesFile: + description: Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Deprecated in favor of ValuesFiles, for backwards compatibility the file defined here is merged before the ValuesFiles items. Ignored when omitted. + type: string + valuesFiles: + description: Alternative list of values files to use as the chart values (values.yaml is not included by default), expected to be a relative path in the SourceRef. Values files are merged in the order of this list with the last file overriding the first. Ignored when omitted. + items: + type: string + type: array + version: + default: '*' + description: Version semver expression, ignored for charts from v1beta1.GitRepository and v1beta1.Bucket sources. Defaults to latest when omitted. 
+ type: string + required: + - chart + - sourceRef + type: object + required: + - spec + type: object + dependsOn: + description: DependsOn may contain a dependency.CrossNamespaceDependencyReference slice with references to HelmRelease resources that must be ready before this HelmRelease can be reconciled. + items: + description: CrossNamespaceDependencyReference holds the reference to a dependency. + properties: + name: + description: Name holds the name reference of a dependency. + type: string + namespace: + description: Namespace holds the namespace reference of a dependency. + type: string + required: + - name + type: object + type: array + install: + description: Install holds the configuration for Helm install actions for this HelmRelease. + properties: + crds: + description: "CRDs upgrade CRDs from the Helm Chart's crds directory according to the CRD upgrade policy provided here. Valid values are `Skip`, `Create` or `CreateReplace`. Default is `Create` and if omitted CRDs are installed but not updated. \n Skip: do neither install nor replace (update) any CRDs. \n Create: new CRDs are created, existing CRDs are neither updated nor deleted. \n CreateReplace: new CRDs are created, existing CRDs are updated (replaced) but not deleted. \n By default, CRDs are applied (installed) during Helm install action. With this option users can opt-in to CRD replace existing CRDs on Helm install actions, which is not (yet) natively supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions." + enum: + - Skip + - Create + - CreateReplace + type: string + createNamespace: + description: CreateNamespace tells the Helm install action to create the HelmReleaseSpec.TargetNamespace if it does not exist yet. On uninstall, the namespace will not be garbage collected. + type: boolean + disableHooks: + description: DisableHooks prevents hooks from running during the Helm install action. 
+ type: boolean + disableOpenAPIValidation: + description: DisableOpenAPIValidation prevents the Helm install action from validating rendered templates against the Kubernetes OpenAPI Schema. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to be ready after a Helm install has been performed. + type: boolean + remediation: + description: Remediation holds the remediation configuration for when the Helm install action for the HelmRelease fails. The default is to not perform any action. + properties: + ignoreTestFailures: + description: IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an install action but fail. Defaults to 'Test.IgnoreFailures'. + type: boolean + remediateLastFailure: + description: RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false'. + type: boolean + retries: + description: Retries is the number of retries that should be attempted on failures before bailing. Remediation, using an uninstall, is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries. + type: integer + type: object + replace: + description: Replace tells the Helm install action to re-use the 'ReleaseName', but only if that name is a deleted release which remains in the history. + type: boolean + skipCRDs: + description: "SkipCRDs tells the Helm install action to not install any CRDs. By default, CRDs are installed if not already present. \n Deprecated use CRD policy (`crds`) attribute with value `Skip` instead." + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + interval: + description: Interval at which to reconcile the Helm release. 
+ type: string + kubeConfig: + description: KubeConfig for reconciling the HelmRelease on a remote cluster. When specified, KubeConfig takes precedence over ServiceAccountName. + properties: + secretRef: + description: SecretRef holds the name to a secret that contains a 'value' key with the kubeconfig file as the value. It must be in the same namespace as the HelmRelease. It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific `cmd-path` auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling the HelmRelease. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + type: object + maxHistory: + description: MaxHistory is the number of revisions saved by Helm for this HelmRelease. Use '0' for an unlimited number of revisions; defaults to '10'. + type: integer + postRenderers: + description: PostRenderers holds an array of Helm PostRenderers, which will be applied in order of their definition. + items: + description: PostRenderer contains a Helm PostRenderer specification. + properties: + kustomize: + description: Kustomization to apply as PostRenderer. + properties: + images: + description: Images is a list of (image name, new name, new tag or digest) for changing image names, tags or digests. This can also be achieved with a patch, but this operator is simpler to specify. + items: + description: Image contains an image name, a new name, a new tag or digest, which will replace the original name and tag. + properties: + digest: + description: Digest is the value used to replace the original image tag. If digest is present NewTag value is ignored. + type: string + name: + description: Name is a tag-less image name. + type: string + newName: + description: NewName is the value used to replace the original name. 
+ type: string + newTag: + description: NewTag is the value used to replace the original tag. + type: string + required: + - name + type: object + type: array + patchesJson6902: + description: JSON 6902 patches, defined as inline YAML objects. + items: + description: JSON6902Patch contains a JSON6902 patch and the target the patch should be applied to. + properties: + patch: + description: Patch contains the JSON6902 patch document with an array of operation objects. + items: + description: JSON6902 is a JSON6902 operation object. https://tools.ietf.org/html/rfc6902#section-4 + properties: + from: + type: string + op: + enum: + - test + - remove + - add + - replace + - move + - copy + type: string + path: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + target: + description: Target points to the resources that the patch document should be applied to. + properties: + annotationSelector: + description: AnnotationSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations. + type: string + group: + description: Group is the API group to select resources from. Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources from. Together with Group and Version it is capable of unambiguously identifying and/or selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: Version of the API Group to select resources from. Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + - target + type: object + type: array + patchesStrategicMerge: + description: Strategic merge patches, defined as inline YAML objects. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + type: object + type: object + type: array + releaseName: + description: ReleaseName used for the Helm release. Defaults to a composition of '[TargetNamespace-]Name'. + maxLength: 53 + minLength: 1 + type: string + rollback: + description: Rollback holds the configuration for Helm rollback actions for this HelmRelease. + properties: + cleanupOnFail: + description: CleanupOnFail allows deletion of new resources created during the Helm rollback action when it fails. + type: boolean + disableHooks: + description: DisableHooks prevents hooks from running during the Helm rollback action. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to be ready after a Helm rollback has been performed. + type: boolean + force: + description: Force forces resource updates through a replacement strategy. + type: boolean + recreate: + description: Recreate performs pod restarts for the resource if applicable. 
+ type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + serviceAccountName: + description: The name of the Kubernetes service account to impersonate when reconciling this HelmRelease. + type: string + storageNamespace: + description: StorageNamespace used for the Helm storage. Defaults to the namespace of the HelmRelease. + maxLength: 63 + minLength: 1 + type: string + suspend: + description: Suspend tells the controller to suspend reconciliation for this HelmRelease, it does not apply to already started reconciliations. Defaults to false. + type: boolean + targetNamespace: + description: TargetNamespace to target when performing operations for the HelmRelease. Defaults to the namespace of the HelmRelease. + maxLength: 63 + minLength: 1 + type: string + test: + description: Test holds the configuration for Helm test actions for this HelmRelease. + properties: + enable: + description: Enable enables Helm test actions for this HelmRelease after an Helm install or upgrade action has been performed. + type: boolean + ignoreFailures: + description: IgnoreFailures tells the controller to skip remediation when the Helm tests are run but fail. Can be overwritten for tests run after install or upgrade actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation during the performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm action. Defaults to '5m0s'. 
+ type: string + uninstall: + description: Uninstall holds the configuration for Helm uninstall actions for this HelmRelease. + properties: + disableHooks: + description: DisableHooks prevents hooks from running during the Helm rollback action. + type: boolean + keepHistory: + description: KeepHistory tells Helm to remove all associated resources and mark the release as deleted, but retain the release history. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + upgrade: + description: Upgrade holds the configuration for Helm upgrade actions for this HelmRelease. + properties: + cleanupOnFail: + description: CleanupOnFail allows deletion of new resources created during the Helm upgrade action when it fails. + type: boolean + crds: + description: "CRDs upgrade CRDs from the Helm Chart's crds directory according to the CRD upgrade policy provided here. Valid values are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and if omitted CRDs are neither installed nor upgraded. \n Skip: do neither install nor replace (update) any CRDs. \n Create: new CRDs are created, existing CRDs are neither updated nor deleted. \n CreateReplace: new CRDs are created, existing CRDs are updated (replaced) but not deleted. \n By default, CRDs are not applied during Helm upgrade action. With this option users can opt-in to CRD upgrade, which is not (yet) natively supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions." + enum: + - Skip + - Create + - CreateReplace + type: string + disableHooks: + description: DisableHooks prevents hooks from running during the Helm upgrade action. 
+ type: boolean + disableOpenAPIValidation: + description: DisableOpenAPIValidation prevents the Helm upgrade action from validating rendered templates against the Kubernetes OpenAPI Schema. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to be ready after a Helm upgrade has been performed. + type: boolean + force: + description: Force forces resource updates through a replacement strategy. + type: boolean + preserveValues: + description: PreserveValues will make Helm reuse the last release's values and merge in overrides from 'Values'. Setting this flag makes the HelmRelease non-declarative. + type: boolean + remediation: + description: Remediation holds the remediation configuration for when the Helm upgrade action for the HelmRelease fails. The default is to not perform any action. + properties: + ignoreTestFailures: + description: IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an upgrade action but fail. Defaults to 'Test.IgnoreFailures'. + type: boolean + remediateLastFailure: + description: RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false' unless 'Retries' is greater than 0. + type: boolean + retries: + description: Retries is the number of retries that should be attempted on failures before bailing. Remediation, using 'Strategy', is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries. + type: integer + strategy: + description: Strategy to use for failure remediation. Defaults to 'rollback'. + enum: + - rollback + - uninstall + type: string + type: object + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + values: + description: Values holds the values for this Helm release. 
+ x-kubernetes-preserve-unknown-fields: true + valuesFrom: + description: ValuesFrom holds references to resources containing Helm values for this HelmRelease, and information about how they should be merged. + items: + description: ValuesReference contains a reference to a resource containing Helm values, and optionally the key they can be found at. + properties: + kind: + description: Kind of the values referent, valid values are ('Secret', 'ConfigMap'). + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the values referent. Should reside in the same namespace as the referring resource. + maxLength: 253 + minLength: 1 + type: string + optional: + description: Optional marks this ValuesReference as optional. When set, a not found error for the values reference is ignored, but any ValuesKey, TargetPath or transient error will still result in a reconciliation failure. + type: boolean + targetPath: + description: TargetPath is the YAML dot notation path the value should be merged at. When set, the ValuesKey is expected to be a single flat value. Defaults to 'None', which results in the values getting merged at the root. + type: string + valuesKey: + description: ValuesKey is the data key where the values.yaml or a specific value can be found at. Defaults to 'values.yaml'. + type: string + required: + - kind + - name + type: object + type: array + required: + - chart + - interval + type: object + status: + description: HelmReleaseStatus defines the observed state of a HelmRelease. + properties: + conditions: + description: Conditions holds the conditions for the HelmRelease. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. 
// Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
--- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + failures: + description: Failures is the reconciliation failure count against the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + helmChart: + description: HelmChart is the namespaced name of the HelmChart resource created by the controller for the HelmRelease. + type: string + installFailures: + description: InstallFailures is the install failure count against the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + lastAppliedRevision: + description: LastAppliedRevision is the revision of the last successfully applied source. + type: string + lastAttemptedRevision: + description: LastAttemptedRevision is the revision of the last reconciliation attempt. + type: string + lastAttemptedValuesChecksum: + description: LastAttemptedValuesChecksum is the SHA1 checksum of the values of the last reconciliation attempt. + type: string + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. + type: string + lastReleaseRevision: + description: LastReleaseRevision is the revision of the last successful Helm release. + type: integer + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + upgradeFailures: + description: UpgradeFailures is the upgrade failure count against the latest desired state. 
It is reset after a successful reconciliation. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: helmrepositories.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: HelmRepository + listKind: HelmRepositoryList + plural: helmrepositories + shortNames: + - helmrepo + singular: helmrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: HelmRepository is the Schema for the helmrepositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmRepositorySpec defines the reference to a Helm repository. + properties: + interval: + description: The interval at which to check the upstream for updates. + type: string + secretRef: + description: The name of the secret containing authentication credentials for the Helm repository. For HTTP/S basic auth the secret must contain username and password fields. For TLS the secret must contain a certFile and keyFile, and/or caCert fields. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend the reconciliation of this source. + type: boolean + timeout: + default: 60s + description: The timeout of index downloading, defaults to 60s. + type: string + url: + description: The Helm repository URL, a valid URL contains at least a protocol and host. + type: string + required: + - interval + - url + type: object + status: + description: HelmRepositoryStatus defines the observed state of the HelmRepository. + properties: + artifact: + description: Artifact represents the output of the last successful repository sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit SHA, Git tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. 
+ type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the HelmRepository. + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. 
+ maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the last index fetched. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: kustomizations.kustomize.toolkit.fluxcd.io +spec: + group: kustomize.toolkit.fluxcd.io + names: + kind: Kustomization + listKind: KustomizationList + plural: kustomizations + shortNames: + - ks + singular: kustomization + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Kustomization is the Schema for the kustomizations API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KustomizationSpec defines the desired state of a kustomization. 
+ properties: + decryption: + description: Decrypt Kubernetes secrets before applying them on the cluster. + properties: + provider: + description: Provider is the name of the decryption engine. + enum: + - sops + type: string + secretRef: + description: The secret name containing the private OpenPGP keys used for decryption. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + required: + - provider + type: object + dependsOn: + description: DependsOn may contain a dependency.CrossNamespaceDependencyReference slice with references to Kustomization resources that must be ready before this Kustomization can be reconciled. + items: + description: CrossNamespaceDependencyReference holds the reference to a dependency. + properties: + name: + description: Name holds the name reference of a dependency. + type: string + namespace: + description: Namespace holds the namespace reference of a dependency. + type: string + required: + - name + type: object + type: array + force: + default: false + description: Force instructs the controller to recreate resources when patching fails due to an immutable field change. + type: boolean + healthChecks: + description: A list of resources to be included in the health assessment. 
+ items: + description: NamespacedObjectKindReference contains enough information to let you locate the typed referenced object in any namespace + properties: + apiVersion: + description: API version of the referent, if not specified the Kubernetes preferred version will be used + type: string + kind: + description: Kind of the referent + type: string + name: + description: Name of the referent + type: string + namespace: + description: Namespace of the referent, when not specified it acts as LocalObjectReference + type: string + required: + - kind + - name + type: object + type: array + images: + description: Images is a list of (image name, new name, new tag or digest) for changing image names, tags or digests. This can also be achieved with a patch, but this operator is simpler to specify. + items: + description: Image contains an image name, a new name, a new tag or digest, which will replace the original name and tag. + properties: + digest: + description: Digest is the value used to replace the original image tag. If digest is present NewTag value is ignored. + type: string + name: + description: Name is a tag-less image name. + type: string + newName: + description: NewName is the value used to replace the original name. + type: string + newTag: + description: NewTag is the value used to replace the original tag. + type: string + required: + - name + type: object + type: array + interval: + description: The interval at which to reconcile the Kustomization. + type: string + kubeConfig: + description: The KubeConfig for reconciling the Kustomization on a remote cluster. When specified, KubeConfig takes precedence over ServiceAccountName. + properties: + secretRef: + description: SecretRef holds the name to a secret that contains a 'value' key with the kubeconfig file as the value. It must be in the same namespace as the Kustomization. 
It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific `cmd-path` auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling the Kustomization. + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + type: object + patchesJson6902: + description: JSON 6902 patches, defined as inline YAML objects. + items: + description: JSON6902Patch contains a JSON6902 patch and the target the patch should be applied to. + properties: + patch: + description: Patch contains the JSON6902 patch document with an array of operation objects. + items: + description: JSON6902 is a JSON6902 operation object. https://tools.ietf.org/html/rfc6902#section-4 + properties: + from: + type: string + op: + enum: + - test + - remove + - add + - replace + - move + - copy + type: string + path: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + required: + - op + - path + type: object + type: array + target: + description: Target points to the resources that the patch document should be applied to. + properties: + annotationSelector: + description: AnnotationSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations. + type: string + group: + description: Group is the API group to select resources from. Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: Kind of the API Group to select resources from. Together with Group and Version it is capable of unambiguously identifying and/or selecting resources. 
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: LabelSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: Version of the API Group to select resources from. Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + - target + type: object + type: array + patchesStrategicMerge: + description: Strategic merge patches, defined as inline YAML objects. + items: + x-kubernetes-preserve-unknown-fields: true + type: array + path: + description: Path to the directory containing the kustomization.yaml file, or the set of plain YAMLs a kustomization.yaml should be generated for. Defaults to 'None', which translates to the root path of the SourceRef. + type: string + postBuild: + description: PostBuild describes which actions to perform on the YAML manifest generated by building the kustomize overlay. + properties: + substitute: + additionalProperties: + type: string + description: Substitute holds a map of key/value pairs. The variables defined in your YAML manifests that match any of the keys defined in the map will be substituted with the set value. Includes support for bash string replacement functions e.g. ${var:=default}, ${var:position} and ${var/substring/replacement}. 
+ type: object + substituteFrom: + description: SubstituteFrom holds references to ConfigMaps and Secrets containing the variables and their values to be substituted in the YAML manifests. The ConfigMap and the Secret data keys represent the var names and they must match the vars declared in the manifests for the substitution to happen. + items: + description: SubstituteReference contains a reference to a resource containing the variables name and value. + properties: + kind: + description: Kind of the values referent, valid values are ('Secret', 'ConfigMap'). + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the values referent. Should reside in the same namespace as the referring resource. + maxLength: 253 + minLength: 1 + type: string + required: + - kind + - name + type: object + type: array + type: object + prune: + description: Prune enables garbage collection. + type: boolean + retryInterval: + description: The interval at which to retry a previously failed reconciliation. When not specified, the controller uses the KustomizationSpec.Interval value to retry failures. + type: string + serviceAccountName: + description: The name of the Kubernetes service account to impersonate when reconciling this Kustomization. + type: string + sourceRef: + description: Reference of the source where the kustomization file is. + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - GitRepository + - Bucket + type: string + name: + description: Name of the referent + type: string + namespace: + description: Namespace of the referent, defaults to the Kustomization namespace + type: string + required: + - kind + - name + type: object + suspend: + description: This flag tells the controller to suspend subsequent kustomize executions, it does not apply to already started executions. Defaults to false. 
+ type: boolean + targetNamespace: + description: TargetNamespace sets or overrides the namespace in the kustomization.yaml file. + maxLength: 63 + minLength: 1 + type: string + timeout: + description: Timeout for validation, apply and health checking operations. Defaults to 'Interval' duration. + type: string + validation: + description: Validate the Kubernetes objects before applying them on the cluster. The validation strategy can be 'client' (local dry-run), 'server' (APIServer dry-run) or 'none'. When 'Force' is 'true', validation will fallback to 'client' if set to 'server' because server-side validation is not supported in this scenario. + enum: + - none + - client + - server + type: string + required: + - interval + - prune + - sourceRef + type: object + status: + description: KustomizationStatus defines the observed state of a kustomization. + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. 
+ maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + lastAppliedRevision: + description: The last successfully applied revision. The revision format for Git sources is /. + type: string + lastAttemptedRevision: + description: LastAttemptedRevision is the revision of the last reconciliation attempt. 
+ type: string + lastHandledReconcileAt: + description: LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change can be detected. + type: string + observedGeneration: + description: ObservedGeneration is the last reconciled generation. + format: int64 + type: integer + snapshot: + description: The last successfully applied revision metadata. + properties: + checksum: + description: The manifests sha1 checksum. + type: string + entries: + description: A list of Kubernetes kinds grouped by namespace. + items: + description: Snapshot holds the metadata of namespaced Kubernetes objects + properties: + kinds: + additionalProperties: + type: string + description: The list of Kubernetes kinds. + type: object + namespace: + description: The namespace of this entry. + type: string + required: + - kinds + type: object + type: array + required: + - checksum + - entries + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: providers.notification.toolkit.fluxcd.io +spec: + group: notification.toolkit.fluxcd.io + names: + kind: Provider + listKind: ProviderList + plural: providers + singular: provider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Provider is the Schema for the providers 
API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProviderSpec defines the desired state of Provider + properties: + address: + description: HTTP/S webhook address of this provider + pattern: ^(http|https):// + type: string + certSecretRef: + description: CertSecretRef can be given the name of a secret containing a PEM-encoded CA certificate (`caFile`) + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + channel: + description: Alert channel for this provider + type: string + proxy: + description: HTTP/S address of the proxy + pattern: ^(http|https):// + type: string + secretRef: + description: Secret reference containing the provider webhook URL using "address" as data key + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + type: + description: Type of provider + enum: + - slack + - discord + - msteams + - rocket + - generic + - github + - gitlab + - bitbucket + - azuredevops + - googlechat + - webex + - sentry + type: string + username: + description: Bot username for this provider + type: string + required: + - type + type: object + status: + description: ProviderStatus defines the observed state of Provider + properties: + conditions: + items: + description: "Condition 
contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. 
+ enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: receivers.notification.toolkit.fluxcd.io +spec: + group: notification.toolkit.fluxcd.io + names: + kind: Receiver + listKind: ReceiverList + plural: receivers + singular: receiver + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Receiver is the Schema for the receivers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ReceiverSpec defines the desired state of Receiver + properties: + events: + description: A list of events to handle, e.g. 'push' for GitHub or 'Push Hook' for GitLab. + items: + type: string + type: array + resources: + description: A list of resources to be notified about changes. + items: + description: CrossNamespaceObjectReference contains enough information to let you locate the typed referenced object at cluster level + properties: + apiVersion: + description: API version of the referent + type: string + kind: + description: Kind of the referent + enum: + - Bucket + - GitRepository + - Kustomization + - HelmRelease + - HelmChart + - HelmRepository + - ImageRepository + - ImagePolicy + - ImageUpdateAutomation + type: string + name: + description: Name of the referent + maxLength: 53 + minLength: 1 + type: string + namespace: + description: Namespace of the referent + maxLength: 53 + minLength: 1 + type: string + required: + - name + type: object + type: array + secretRef: + description: Secret reference containing the token used to validate the payload authenticity + properties: + name: + description: Name of the referent + type: string + required: + - name + type: object + suspend: + description: This flag tells the controller to suspend subsequent events handling. Defaults to false. + type: boolean + type: + description: Type of webhook sender, used to determine the validation procedure and payload deserialization. 
+ enum: + - generic + - generic-hmac + - github + - gitlab + - bitbucket + - harbor + - dockerhub + - quay + - gcr + - nexus + - acr + type: string + required: + - resources + - type + type: object + status: + description: ReceiverStatus defines the observed state of Receiver + properties: + conditions: + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. 
Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: helm-controller + namespace: flux-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: kustomize-controller + namespace: flux-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: notification-controller + namespace: flux-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: source-controller + namespace: flux-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: crd-controller-flux-system +rules: +- apiGroups: + - source.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - kustomize.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - helm.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - notification.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - image.toolkit.fluxcd.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - configmaps + - configmaps/status + 
verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: cluster-reconciler-flux-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: kustomize-controller + namespace: flux-system +- kind: ServiceAccount + name: helm-controller + namespace: flux-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: crd-controller-flux-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: crd-controller-flux-system +subjects: +- kind: ServiceAccount + name: kustomize-controller + namespace: flux-system +- kind: ServiceAccount + name: helm-controller + namespace: flux-system +- kind: ServiceAccount + name: source-controller + namespace: flux-system +- kind: ServiceAccount + name: notification-controller + namespace: flux-system +- kind: ServiceAccount + name: image-reflector-controller + namespace: flux-system +- kind: ServiceAccount + name: image-automation-controller + namespace: flux-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + control-plane: controller + name: notification-controller + namespace: flux-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + selector: + app: notification-controller + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + 
app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + control-plane: controller + name: source-controller + namespace: flux-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + selector: + app: source-controller + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + control-plane: controller + name: webhook-receiver + namespace: flux-system +spec: + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http-webhook + selector: + app: notification-controller + type: ClusterIP +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + control-plane: controller + name: helm-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: helm-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: helm-controller + spec: + containers: + - args: + - --events-addr=http://notification-controller/ + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/fluxcd/helm-controller:v0.10.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8080 + name: http-prom + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: 
temp + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: helm-controller + terminationGracePeriodSeconds: 600 + volumes: + - emptyDir: {} + name: temp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + control-plane: controller + name: kustomize-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: kustomize-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: kustomize-controller + spec: + containers: + - args: + - --events-addr=http://notification-controller/ + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/fluxcd/kustomize-controller:v0.12.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8080 + name: http-prom + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: temp + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 1337 + serviceAccountName: kustomize-controller + terminationGracePeriodSeconds: 60 + volumes: + - emptyDir: {} + name: temp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + control-plane: controller + name: notification-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: 
notification-controller + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: notification-controller + spec: + containers: + - args: + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/fluxcd/notification-controller:v0.13.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 9090 + name: http + - containerPort: 9292 + name: http-webhook + - containerPort: 8080 + name: http-prom + readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp + name: temp + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: notification-controller + terminationGracePeriodSeconds: 10 + volumes: + - emptyDir: {} + name: temp +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + control-plane: controller + name: source-controller + namespace: flux-system +spec: + replicas: 1 + selector: + matchLabels: + app: source-controller + strategy: + type: Recreate + template: + metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app: source-controller + spec: + containers: + - args: + - --events-addr=http://notification-controller/ + - --watch-all-namespaces=true + - --log-level=info + - --log-encoding=json + - --enable-leader-election + - --storage-path=/data + - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local. 
+ env: + - name: RUNTIME_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: ghcr.io/fluxcd/source-controller:v0.12.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9090 + name: http + - containerPort: 8080 + name: http-prom + - containerPort: 9440 + name: healthz + readinessProbe: + httpGet: + path: / + port: http + resources: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 50m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /data + name: data + - mountPath: /tmp + name: tmp + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 1337 + serviceAccountName: source-controller + terminationGracePeriodSeconds: 10 + volumes: + - emptyDir: {} + name: data + - emptyDir: {} + name: tmp +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: allow-egress + namespace: flux-system +spec: + egress: + - {} + ingress: + - from: + - podSelector: {} + podSelector: {} + policyTypes: + - Ingress + - Egress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: allow-scraping + namespace: flux-system +spec: + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP + podSelector: {} + policyTypes: + - Ingress +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/part-of: flux + app.kubernetes.io/version: v0.13.2 + name: allow-webhooks + namespace: flux-system +spec: + ingress: + - from: + - namespaceSelector: {} + podSelector: + matchLabels: + app: 
notification-controller + policyTypes: + - Ingress diff --git a/flux-system/gotk-sync.yaml b/flux-system/gotk-sync.yaml new file mode 100644 index 0000000..7bd52f1 --- /dev/null +++ b/flux-system/gotk-sync.yaml @@ -0,0 +1,47 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: GitRepository +metadata: + name: flux-system + namespace: flux-system +spec: + interval: 1m0s + ref: + branch: develop-andrewmccully + secretRef: + name: flux-system + url: ssh://git@github.com/mccullya/kafka-gitops +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 +kind: Kustomization +metadata: + name: confluent-infra + namespace: flux-system +spec: + interval: 10m0s + path: ./kustomize/infrastructure + prune: true + sourceRef: + kind: GitRepository + name: flux-system + healthChecks: + - apiVersion: helm.toolkit.fluxcd.io/v1beta1 + kind: HelmRelease + name: confluent + namespace: dev + validation: client +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 +kind: Kustomization +metadata: + name: environments + namespace: flux-system +spec: + dependsOn: + - name: confluent-infra + interval: 5m + path: ./kustomize/environments/dev + prune: true + sourceRef: + kind: GitRepository + name: flux-system diff --git a/infrastructure/sources/kustomization.yaml b/flux-system/kustomization.yaml similarity index 64% rename from infrastructure/sources/kustomization.yaml rename to flux-system/kustomization.yaml index e697fe7..3842229 100644 --- a/infrastructure/sources/kustomization.yaml +++ b/flux-system/kustomization.yaml @@ -1,5 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: flux-system resources: - - confluent.yaml \ No newline at end of file +- gotk-components.yaml +- gotk-sync.yaml diff --git a/infrastructure/sources/confluent.yaml b/infrastructure/sources/confluent.yaml deleted file mode 100644 index cdff5dd..0000000 --- a/infrastructure/sources/confluent.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1beta1 -kind: HelmRepository -metadata: - name: confluent-private - namespace: flux-system -spec: - url: https://confluent.jfrog.io/confluent/helm-early-access-operator-2 - secretRef: - name: https-credentials - interval: 1m ---- -#apiVersion: v1 -#kind: Secret -#metadata: -# name: https-credentials -# namespace: flux-system -#type: Opaque -#data: -# username: c2lvbkBvc29kZXZvcHMuaW8= -# password: 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 -# this is: -# "password": "eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiIyUUltMG9Dd0pQcGNSaGV6VXhya05uaWZvZGlYYTB3RmVnMEtkb0tnUXV3In0.eyJzdWIiOiJqZnJ0QDAxYzdtZ2syNGt2eGc4MHJwYjl6cHYxbnZ6XC91c2Vyc1wvc2lvbkBvc29kZXZvcHMuaW8iLCJzY3AiOiJtZW1iZXItb2YtZ3JvdXBzOm9wZXJhdG9yLTItZWFybHktYWNjZXNzLXJlYWQtb25seSBhcGk6KiIsImF1ZCI6ImpmcnRAMDFjN21nazI0a3Z4ZzgwcnBiOXpwdjFudnoiLCJpc3MiOiJqZnJ0QDAxYzdtZ2syNGt2eGc4MHJwYjl6cHYxbnZ6XC91c2Vyc1wvcmFqZXNoQGNvbmZsdWVudC5pbyIsImV4cCI6MTYyMTY5OTk2NywiaWF0IjoxNjE5MTA3OTY3LCJqdGkiOiIzOWVkYzQxYi1iY2FjLTQ0MmQtODMzMC01MzFkM2E4OWE3OWMifQ.cOpmUBditmOWbBF8MSYqYmSvKrcU4y3KZvAAXr8bVVtuBXUq-MCYn0D2F4zW2Ro9ORAqLqZTfXfTFA0GaSzAzB5EXYTCvX_5U2oW4Qon0WM93a8wrjev7hsn0tL8MbvRvX79Mu54ffYcr82Ck7sbmwCB3G24-nq65cOvca4-OpmfrM6XC0cjnaCKOISwxKi58S1Tgf65HnjYkTtPg3GwWkYvBg7qX3SjylI4nkGKhjkinB6kt6hAx9cPBR5EvP563HXLsnJZE5uOtQ7uFg4dixir9varguP8uEgt4YMUlxbhjeFGCUwkvqy6pASES6sdD0J4fJO5T5xBfNNkGLwJiw", -# "username": "sion@osodevops.io" \ No newline at end of file diff --git a/infrastructure/tools/kustomization.yaml b/infrastructure/tools/kustomization.yaml deleted file mode 100644 index bc93143..0000000 --- a/infrastructure/tools/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: tools -resources: - - namespace.yaml - - proxy.yaml - - ldap.yaml \ No newline at end of file diff --git a/kustom.yaml b/kustom.yaml new file mode 100644 index 0000000..283e1ef --- /dev/null +++ b/kustom.yaml 
@@ -0,0 +1,32 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 +kind: Kustomization +metadata: + name: shared + namespace: flux-system +spec: + interval: 5m + path: "./shared" + prune: true + sourceRef: + kind: GitRepository + name: flux-system + healthChecks: + - apiVersion: apps/v1 + kind: Deployment + name: cert-manager + namespace: cert-manager +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 +kind: Kustomization +metadata: + name: certs + namespace: flux-system +spec: + dependsOn: + - name: shared + interval: 5m + path: "./environments" + prune: true + sourceRef: + kind: GitRepository + name: flux-system \ No newline at end of file diff --git a/kustomization.yaml b/kustomization.yaml new file mode 100644 index 0000000..609d5bb --- /dev/null +++ b/kustomization.yaml @@ -0,0 +1,4 @@ +resources: +- shared +#- environments + diff --git a/apps/base/kafka/kafka.yaml b/kustomize/base/confluent-suite/broker/kafka.yaml similarity index 99% rename from apps/base/kafka/kafka.yaml rename to kustomize/base/confluent-suite/broker/kafka.yaml index 0eb6c0e..013f0e5 100644 --- a/apps/base/kafka/kafka.yaml +++ b/kustomize/base/confluent-suite/broker/kafka.yaml @@ -3,7 +3,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: Kafka metadata: name: kafka - namespace: confluent spec: replicas: 3 image: @@ -115,7 +114,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: KafkaRestClass metadata: name: default - namespace: confluent spec: kafkaRest: authentication: diff --git a/apps/base/kafka/kustomization.yaml b/kustomize/base/confluent-suite/broker/kustomization.yaml similarity index 91% rename from apps/base/kafka/kustomization.yaml rename to kustomize/base/confluent-suite/broker/kustomization.yaml index d54af9c..58aea4c 100644 --- a/apps/base/kafka/kustomization.yaml +++ b/kustomize/base/confluent-suite/broker/kustomization.yaml 
@@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: confluent resources: - certificates.yaml - zookeeper.yaml diff --git a/apps/base/rolebindings/connect/connect-base.yaml b/kustomize/base/confluent-suite/rolebindings/connect/connect-base.yaml similarity index 93% rename from apps/base/rolebindings/connect/connect-base.yaml rename to kustomize/base/confluent-suite/rolebindings/connect/connect-base.yaml index 9416914..0dfc382 100644 --- a/apps/base/rolebindings/connect/connect-base.yaml +++ b/kustomize/base/confluent-suite/rolebindings/connect/connect-base.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: connect-cluster-base - namespace: confluent spec: clustersScopeByIds: connectClusterId: confluent.connect @@ -15,7 +14,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: connect-resources-base - namespace: confluent spec: principal: name: connect @@ -33,7 +31,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: connect-monitoring-base - namespace: confluent spec: principal: name: connect diff --git a/apps/base/rolebindings/connect/connect-groups.yaml b/kustomize/base/confluent-suite/rolebindings/connect/connect-groups.yaml similarity index 93% rename from apps/base/rolebindings/connect/connect-groups.yaml rename to kustomize/base/confluent-suite/rolebindings/connect/connect-groups.yaml index 5a3b584..c62b7b5 100644 --- a/apps/base/rolebindings/connect/connect-groups.yaml +++ b/kustomize/base/confluent-suite/rolebindings/connect/connect-groups.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: connect-groups - namespace: confluent spec: principal: name: connect 
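Review bot: In flux-system/gotk-sync.yaml the `GitRepository` is pinned to a personal fork and a developer branch (`url: ssh://git@github.com/mccullya/kafka-gitops`, `branch: develop-andrewmccully`), so a cluster bootstrapped from this commit reconciles whatever is pushed to that branch rather than what is reviewed in this repository. Point `url` and `ref.branch` at the canonical repository and its protected branch before merging, or keep the generated sync file out of the shared tree. The README added earlier in this series describes a production environment, while the `environments` Kustomization here uses `path: ./kustomize/environments/dev` and the health check targets `namespace: dev`; bring the two into line.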
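Review bot: The deleted infrastructure/sources/confluent.yaml carries a username and a bearer token for the `confluent-private` Helm repository in its commented-out `Secret` block and in the trailing `# "password":` and `# "username":` comment lines, and deleting the file does not remove them from Git history. Treat that token as exposed: revoke and reissue it, and supply `https-credentials` out of band or as an encrypted Secret. The `HelmRepository` itself is removed here with no replacement visible in this part of the patch, so check that the `confluent` HelmRelease named in the `confluent-infra` health check still has a chart source.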
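Review bot: The new top-level kustom.yaml and kustomization.yaml do not match the layout the rest of this patch sets up: they use `path: "./shared"` and `path: "./environments"` and health-check a `cert-manager` Deployment, while flux-system/gotk-sync.yaml reconciles `./kustomize/infrastructure` and `./kustomize/environments/dev`. If they are leftovers from another project, drop them; if they are meant to be applied, rewrite the paths against the `kustomize/` tree, since both Kustomizations set `prune: true`. kustom.yaml also ends without a trailing newline.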
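Review bot: kustomize/base/confluent-suite/broker/kustomization.yaml still lists `- certificates.yaml` under `resources`, but this patch renames apps/base/kafka/certificates.yaml to kustomize/base/confluent-suite/zookeeper/certificates.yaml, so the broker build fails on a missing resource unless another copy is added to broker/ elsewhere in the series. Either keep the file in broker/ or pull it in through a kustomization in the directory where it now lives; a directory of its own would fit better, since the file defines the connect, controlcenter, kafka, ksqldb, registry and REST Secrets as well as the ZooKeeper one. With `namespace: confluent` removed here and from every base resource, also confirm that the overlay at ./kustomize/environments/dev sets the namespace.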
diff --git a/apps/base/rolebindings/connect/connect-topics.yaml b/kustomize/base/confluent-suite/rolebindings/connect/connect-topics.yaml similarity index 96% rename from apps/base/rolebindings/connect/connect-topics.yaml rename to kustomize/base/confluent-suite/rolebindings/connect/connect-topics.yaml index 8f5c361..316544e 100644 --- a/apps/base/rolebindings/connect/connect-topics.yaml +++ b/kustomize/base/confluent-suite/rolebindings/connect/connect-topics.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: connect-topics - namespace: confluent spec: principal: name: connect diff --git a/apps/base/rolebindings/connect/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/connect/kustomization.yaml similarity index 100% rename from apps/base/rolebindings/connect/kustomization.yaml rename to kustomize/base/confluent-suite/rolebindings/connect/kustomization.yaml diff --git a/apps/base/rolebindings/controlcenter/controlcentre-base.yaml b/kustomize/base/confluent-suite/rolebindings/controlcenter/controlcentre-base.yaml similarity index 88% rename from apps/base/rolebindings/controlcenter/controlcentre-base.yaml rename to kustomize/base/confluent-suite/rolebindings/controlcenter/controlcentre-base.yaml index 9c25674..64a4063 100644 --- a/apps/base/rolebindings/controlcenter/controlcentre-base.yaml +++ b/kustomize/base/confluent-suite/rolebindings/controlcenter/controlcentre-base.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: control-centre-base - namespace: confluent spec: principal: name: ccc 
diff --git a/apps/base/rolebindings/controlcenter/controlcentre-clusters.yaml b/kustomize/base/confluent-suite/rolebindings/controlcenter/controlcentre-clusters.yaml similarity index 91% rename from apps/base/rolebindings/controlcenter/controlcentre-clusters.yaml rename to kustomize/base/confluent-suite/rolebindings/controlcenter/controlcentre-clusters.yaml index e15f003..600571f 100644 --- a/apps/base/rolebindings/controlcenter/controlcentre-clusters.yaml +++ b/kustomize/base/confluent-suite/rolebindings/controlcenter/controlcentre-clusters.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: control-centre-cluster-registry - namespace: confluent spec: clustersScopeByIds: schemaRegistryClusterId: schema-registry @@ -15,7 +14,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: control-centre-cluster-connect - namespace: confluent spec: clustersScopeByIds: connectClusterId: confluent.connect @@ -28,7 +26,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: control-centre-cluster-ksqldb - namespace: confluent spec: clustersScopeByIds: ksqlClusterId: ksqldb-cluster diff --git a/apps/base/rolebindings/controlcenter/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/controlcenter/kustomization.yaml similarity index 100% rename from apps/base/rolebindings/controlcenter/kustomization.yaml rename to kustomize/base/confluent-suite/rolebindings/controlcenter/kustomization.yaml diff --git a/apps/base/rolebindings/ksqldb/ksqldb-base.yaml b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-base.yaml similarity index 93% rename from apps/base/rolebindings/ksqldb/ksqldb-base.yaml rename to kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-base.yaml index b760ec5..bc777a6 100644 --- a/apps/base/rolebindings/ksqldb/ksqldb-base.yaml +++ b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-base.yaml 
@@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: ksqldb-cluster-base - namespace: confluent spec: clustersScopeByIds: ksqlClusterId: confluent.ksqldb_ @@ -19,7 +18,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: ksqldb-cluster-resources-base - namespace: confluent spec: principal: name: ksql diff --git a/apps/base/rolebindings/ksqldb/ksqldb-cluster.yaml b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-cluster.yaml similarity index 93% rename from apps/base/rolebindings/ksqldb/ksqldb-cluster.yaml rename to kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-cluster.yaml index e33328a..ce34f3f 100644 --- a/apps/base/rolebindings/ksqldb/ksqldb-cluster.yaml +++ b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-cluster.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: ksqldb-cluster - namespace: confluent spec: clustersScopeByIds: kafkaClusterId: qrGPK1LPTaa1s9d5D4V1rw diff --git a/apps/base/rolebindings/ksqldb/ksqldb-groups.yaml b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-groups.yaml similarity index 92% rename from apps/base/rolebindings/ksqldb/ksqldb-groups.yaml rename to kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-groups.yaml index fc8313f..04083cd 100644 --- a/apps/base/rolebindings/ksqldb/ksqldb-groups.yaml +++ b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-groups.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: ksqldb-cluster-groups - namespace: confluent spec: principal: name: ksql 
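Review bot: In ksqldb-cluster.yaml the base keeps a hard-coded `kafkaClusterId: qrGPK1LPTaa1s9d5D4V1rw`, which identifies one specific Kafka cluster and will not match any other environment built from this base; move it into the per-environment overlay as a patch. The ksqlDB scope is also inconsistent across the renamed files: ksqldb-base.yaml and ksqldb-ksqlcluster.yaml use `ksqlClusterId: confluent.ksqldb_`, while controlcentre-clusters.yaml and ldap-groups.yaml use `ksqlClusterId: ksqldb-cluster`. A role binding scoped to an ID the deployment does not use has no effect on the real cluster, so settle on the ID ksqlDB actually reports and use it in all four files.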
diff --git a/apps/base/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml similarity index 93% rename from apps/base/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml rename to kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml index 06555b4..63e70dc 100644 --- a/apps/base/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml +++ b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: ksqldb-cluster-ksqlcluster - namespace: confluent spec: clustersScopeByIds: ksqlClusterId: confluent.ksqldb_ diff --git a/apps/base/rolebindings/ksqldb/ksqldb-topics.yaml b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-topics.yaml similarity index 95% rename from apps/base/rolebindings/ksqldb/ksqldb-topics.yaml rename to kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-topics.yaml index 7fa9b97..0ba6994 100644 --- a/apps/base/rolebindings/ksqldb/ksqldb-topics.yaml +++ b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-topics.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: ksqldb-cluster-topics - namespace: confluent spec: principal: name: ksql diff --git a/apps/base/rolebindings/ksqldb/ksqldb-transaction.yaml b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-transaction.yaml similarity index 92% rename from apps/base/rolebindings/ksqldb/ksqldb-transaction.yaml rename to kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-transaction.yaml index 7bea69a..0e7910b 100644 --- a/apps/base/rolebindings/ksqldb/ksqldb-transaction.yaml +++ b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-transaction.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: ksqldb-cluster-transaction - namespace: confluent spec: principal: name: ksql 
diff --git a/apps/base/rolebindings/ksqldb/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/ksqldb/kustomization.yaml similarity index 100% rename from apps/base/rolebindings/ksqldb/kustomization.yaml rename to kustomize/base/confluent-suite/rolebindings/ksqldb/kustomization.yaml diff --git a/apps/base/rolebindings/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/kustomization.yaml similarity index 100% rename from apps/base/rolebindings/kustomization.yaml rename to kustomize/base/confluent-suite/rolebindings/kustomization.yaml diff --git a/apps/base/rolebindings/ldap/groups/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/ldap/groups/kustomization.yaml similarity index 100% rename from apps/base/rolebindings/ldap/groups/kustomization.yaml rename to kustomize/base/confluent-suite/rolebindings/ldap/groups/kustomization.yaml diff --git a/apps/base/rolebindings/ldap/groups/ldap-groups.yaml b/kustomize/base/confluent-suite/rolebindings/ldap/groups/ldap-groups.yaml similarity index 92% rename from apps/base/rolebindings/ldap/groups/ldap-groups.yaml rename to kustomize/base/confluent-suite/rolebindings/ldap/groups/ldap-groups.yaml index cc56ae0..755ce6e 100644 --- a/apps/base/rolebindings/ldap/groups/ldap-groups.yaml +++ b/kustomize/base/confluent-suite/rolebindings/ldap/groups/ldap-groups.yaml @@ -2,7 +2,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: admin-groups-kafka-cluster-connect - namespace: confluent spec: clustersScopeByIds: connectClusterId: confluent.connect @@ -18,7 +17,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: admin-groups-kafka-cluster-sr - namespace: confluent spec: clustersScopeByIds: schemaRegistryClusterId: schema-registry 
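Review bot: `schemaRegistryClusterId: schema-registry` in this ldap-groups.yaml hunk (and in controlcentre-clusters.yaml) does not agree with schemaregistry-base.yaml, which this patch changes from `id_schemaregistry_confluent` to `id_registry_confluent`. Confirm which ID the Schema Registry deployment uses and apply it to all three bindings. The schemaregistry-base.yaml hunk also keeps `namespace: confluent` in its context lines while the other changed bindings drop it, and schemaregistry-groups.yaml and schemaregistry-topics.yaml are renamed at 100% similarity, so check those three files for a leftover namespace as well.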
@@ -31,7 +29,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: admin-groups-kafka-cluster-ksql - namespace: confluent spec: clustersScopeByIds: ksqlClusterId: ksqldb-cluster @@ -44,7 +41,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: admin-group-topics - namespace: confluent spec: principal: name: admins @@ -58,7 +54,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: admin-group-groups - namespace: confluent spec: principal: name: admins @@ -72,7 +67,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ConfluentRolebinding metadata: name: admin-group-transactionalid - namespace: confluent spec: principal: name: admins diff --git a/infrastructure/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/ldap/kustomization.yaml similarity index 68% rename from infrastructure/kustomization.yaml rename to kustomize/base/confluent-suite/rolebindings/ldap/kustomization.yaml index e02d4bd..c860fd8 100644 --- a/infrastructure/kustomization.yaml +++ b/kustomize/base/confluent-suite/rolebindings/ldap/kustomization.yaml @@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - sources - - confluent - - tools \ No newline at end of file + - groups + - users \ No newline at end of file diff --git a/apps/base/rolebindings/ldap/users/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/ldap/users/kustomization.yaml similarity index 100% rename from apps/base/rolebindings/ldap/users/kustomization.yaml rename to kustomize/base/confluent-suite/rolebindings/ldap/users/kustomization.yaml diff --git a/apps/base/rolebindings/ldap/users/ldap-users.yaml b/kustomize/base/confluent-suite/rolebindings/ldap/users/ldap-users.yaml similarity index 100% rename from apps/base/rolebindings/ldap/users/ldap-users.yaml rename to kustomize/base/confluent-suite/rolebindings/ldap/users/ldap-users.yaml 
diff --git a/apps/base/rolebindings/schemaregistry/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/schemaregistry/kustomization.yaml similarity index 100% rename from apps/base/rolebindings/schemaregistry/kustomization.yaml rename to kustomize/base/confluent-suite/rolebindings/schemaregistry/kustomization.yaml diff --git a/apps/base/rolebindings/schemaregistry/schemaregistry-base.yaml b/kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-base.yaml similarity index 92% rename from apps/base/rolebindings/schemaregistry/schemaregistry-base.yaml rename to kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-base.yaml index 66db945..3a9eea6 100644 --- a/apps/base/rolebindings/schemaregistry/schemaregistry-base.yaml +++ b/kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-base.yaml @@ -5,7 +5,7 @@ metadata: namespace: confluent spec: clustersScopeByIds: - schemaRegistryClusterId: id_schemaregistry_confluent + schemaRegistryClusterId: id_registry_confluent principal: name: registry type: user diff --git a/apps/base/rolebindings/schemaregistry/schemaregistry-groups.yaml b/kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-groups.yaml similarity index 100% rename from apps/base/rolebindings/schemaregistry/schemaregistry-groups.yaml rename to kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-groups.yaml diff --git a/apps/base/rolebindings/schemaregistry/schemaregistry-topics.yaml b/kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-topics.yaml similarity index 100% rename from apps/base/rolebindings/schemaregistry/schemaregistry-topics.yaml rename to kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-topics.yaml diff --git a/kustomize/base/confluent-suite/secrets/c3-mds-client.yaml b/kustomize/base/confluent-suite/secrets/c3-mds-client.yaml new file mode 100644 index 0000000..3d6d429 --- /dev/null 
+++ b/kustomize/base/confluent-suite/secrets/c3-mds-client.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + bearer.txt: dXNlcm5hbWU9YzMKcGFzc3dvcmQ9YzMtc2VjcmV0Cg== +kind: Secret +metadata: + creationTimestamp: null + name: c3-mds-client diff --git a/kustomize/base/confluent-suite/secrets/connect-mds-client.yaml b/kustomize/base/confluent-suite/secrets/connect-mds-client.yaml new file mode 100644 index 0000000..3adbc0b --- /dev/null +++ b/kustomize/base/confluent-suite/secrets/connect-mds-client.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + bearer.txt: dXNlcm5hbWU9Y29ubmVjdApwYXNzd29yZD1jb25uZWN0LXNlY3JldAo= +kind: Secret +metadata: + creationTimestamp: null + name: connect-mds-client diff --git a/kustomize/base/confluent-suite/secrets/credential.yaml b/kustomize/base/confluent-suite/secrets/credential.yaml new file mode 100644 index 0000000..053a4d6 --- /dev/null +++ b/kustomize/base/confluent-suite/secrets/credential.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +data: + basic.txt: YzM6IGMzLXNlY3JldCxBZG1pbmlzdHJhdG9ycwphZG1pbjogRGV2ZWxvcGVyMSxBZG1pbmlzdHJhdG9ycwphZG1pbjE6IERldmVsb3BlcjEsQWRtaW5pc3RyYXRvcnMK + digest-users.json: ewogICJrYWZrYSI6ICJrYWZrYS1zZWNyZXQiCn0K + digest.txt: dXNlcm5hbWU9ImthZmthIgpwYXNzd29yZD0ia2Fma2Etc2VjcmV0Ig== + ldap.txt: dXNlcm5hbWU9Y249bWRzLGRjPXRlc3QsZGM9Y29tCnBhc3N3b3JkPURldmVsb3BlciEK + mdsPublicKey.pem: 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 + mdsTokenKeyPair.pem: 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 + plain-users.json: ewogICJrYWZrYV9jbGllbnQiOiAia2Fma2FfY2xpZW50LXNlY3JldCIsCiAgImMzIjogImMzLXNlY3JldCIsCiAgImthZmthIjogImthZmthLXNlY3JldCIKfQ== + plain.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== +kind: Secret +metadata: + creationTimestamp: null + name: credential diff --git a/kustomize/base/confluent-suite/secrets/ksqldb-mds-client.yaml b/kustomize/base/confluent-suite/secrets/ksqldb-mds-client.yaml new file mode 100644 index 0000000..6a053fc --- /dev/null 
+++ b/kustomize/base/confluent-suite/secrets/ksqldb-mds-client.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + bearer.txt: dXNlcm5hbWU9a3NxbApwYXNzd29yZD1rc3FsLXNlY3JldAo= +kind: Secret +metadata: + creationTimestamp: null + name: ksqldb-mds-client diff --git a/kustomize/base/confluent-suite/secrets/kustomization.yaml b/kustomize/base/confluent-suite/secrets/kustomization.yaml new file mode 100644 index 0000000..5471250 --- /dev/null +++ b/kustomize/base/confluent-suite/secrets/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - c3-mds-client.yaml + - connect-mds-client.yaml + - credential.yaml + - ksqldb-mds-client.yaml + - mds-client.yaml + - mds-token.yaml + - rest-credential.yaml + - sr-mds-client.yaml \ No newline at end of file diff --git a/kustomize/base/confluent-suite/secrets/mds-client.yaml b/kustomize/base/confluent-suite/secrets/mds-client.yaml new file mode 100644 index 0000000..24de26d --- /dev/null +++ b/kustomize/base/confluent-suite/secrets/mds-client.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + bearer.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== +kind: Secret +metadata: + creationTimestamp: null + name: mds-client diff --git a/kustomize/base/confluent-suite/secrets/mds-token.yaml b/kustomize/base/confluent-suite/secrets/mds-token.yaml new file mode 100644 index 0000000..ae87e43 --- /dev/null +++ b/kustomize/base/confluent-suite/secrets/mds-token.yaml 
@@ -0,0 +1,8 @@ +apiVersion: v1 +data: + mdsPublicKey.pem: 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 + mdsTokenKeyPair.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBd015am5QNHFmZFRLaENTNXNQYlZxaVhWeVExNXdyZVZBc0VxRXNuTUZ0Mkp0TUwxCjNFTE9RMnN6V241N1d6dTc4MmJ5RXRZRmxGM1RvVlczY2w0ZE9KUnphU0VRNnhlMTBSL2k3VG5lSXRFUWZwSnIKLzJMNGJ1YnVRUkdOZS9LckxNRTBpdnI5dTRJRWJiUlMrbHR1NkE5Z2d6R2NhRFN4Vi9leUtNTlBhZEhRL0FONApCWmlqQWVLWmNEVGp6NmJIako2RVEzWU5ncXluODQ2cmVRazlUb0habDhiR0hPaHo1Qzd5b0lmc3haZ1lIbG54CjZKR3NpVVo1UDM2V0djMzhaSUIvbTQ1bzhjdjRpZlVWUFVCMElRUTlBaFlJNVp1TXJ4RHNSUERYMkdHNkU1YlcKMnZxRFd5cVhPWTdjU29JN0Fpa0Zkd0FUVzRSdjdldUVKVXl6TndJREFRQUJBb0lCQVFDS3pJaFpoSTE0cTFIawprai93eTdNRTNGb3RkUHNjbUdlNVpQRHlONzhyRXZDSlp2WHpUVkVMTGtqNU5DZUFoZCtJbXF0WnJpUzBMRndvClFQcGhacW5veXM3UGQ1T2pmQjFUNFgzUVJTSEx0UEVIL2tlcncwZVJKOFdNcUtOUUFXTUVSRStjWXBkNmYxN0sKejlBUkZ2UWdNcm5MbVZLOW5ubXlGOHQyRnkyN3dxVVZCbVlYWC9tK25lLysyUzRQTzhac1BkM3dZMlk5UjhMVgp1ZmJIQytIMkV4QThuRTR6dGVmZzl6UHluMXdNaS9HTVVnMVdpQ1QzQjJ1M0Nac1dhWkp6Vkl0VDZ0N3FuQVpKClh6a2dOcElIbjltV3V3aDhreGdNZDZzeERSQU9ENWlQZDZhOWkwb0xTYVMzLzBMRGV6VUxDMFZoVFB5M0cyb1IKQTBBSmVPblJBb0dCQVBWMXV6MXBQSkF0ZW1yOHdMaUtoUU9lOGpBc3h0blN6VjhGcWQxMXFKWWduaWh3YWkrWQprNDRoT0ovMDIvNnd5cTQ5RmhNR21reUZXdjVkVURFUkdWN01jWFA2YkVmWTVjMVArUGRSVUFtNUg1bmVmMzd6Ck5SOWY3b2lmVjNqKzQ5dXkyVmZVUUNyL2grVCt5d3pBb2MwaVp5WUdhSTF3aktYUXIzKzFvNTV2QW9HQkFNa1UKQnEySWFJRHdvbUJnUUNLUWpDeS9BTmpRMzJ5TUFHSGYvbUUzMlJURnB1NVNaRUxlOXlyR1FyM3hIRnRROWFRTApWdjVQMDl3WmZiNElPZHAvM3d3SE1xRmpOak5kRzhzdzdSeU5TK3dmUUd1OHYxR2ZZc3N1QnVYaTl2MFhHWEZICldlbk5RRVVQYmliUmJvY0o5Mk9KVEpLNFAvczV2djEzMkhEUi9wdTVBb0dCQUorWThTbTQ1endIbGZWQ2FqeVQKTkhGcVE2YTNOb1FpNEkzTUxPcGx1andDOFZMeDVOa1ZwN3RlTm1jcTJtLzdtNDAzQXNkVUg3ZHBiZ1M5djRwbgp4OHN2dXdUaDZzMjhaWTdkVk0vWit1U1hqY2lLTnZQZ1JzWWpwZ0VIT2VUZU5tRi9KSHBLODM0QnIrWmhGTDB4Cjh3SmlRQmNsUzQzTGhHZThES0JKQmgzWkFvR0FONWJIdWRYS1BrdElPS2lqVW1ydnRiY2dQdENQMCt4b2RxWjgKSnRoUHRVUm5QOStiUkRscnozRjhKaEt3S2phWmtqNW9VR28xUWRYeVEwVDI2WWNNWE1Eb3FHRkxMS3dDOFF1WApv
WnNXY0RLN2xvMVp2dkQzV1FCaWU4OWhSTnJMOTlzbjZsRUtBWTJnZ0M3S0JaOGx1MmpMdUl3amRBcWsyR0gzCmZra3Z3RkVDZ1lBeVhqNXo2Q09QSURKMUUxVkxySml3MVlCWGFhN1pMazVFcHczUXZDTTdoVEtTRmJ1U053c3AKRXVMbU03Zzh3TVBaQWJ6cy9SUU9hZjlJaEUveDUzZE8ySW1rNVBBUmFvRXNTRmpORDRkcFZIYUtlbTJjQm9tdAp4NXEwU3FVVnE2eHY0MjIxM2dsQlFNREo0cVFYVHJzRUJkcE55bnY3b1ZlWFh3Y2FPVFVhQnc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ== +kind: Secret +metadata: + creationTimestamp: null + name: mds-token diff --git a/kustomize/base/confluent-suite/secrets/rest-credential.yaml b/kustomize/base/confluent-suite/secrets/rest-credential.yaml new file mode 100644 index 0000000..f7901ac --- /dev/null +++ b/kustomize/base/confluent-suite/secrets/rest-credential.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + basic.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== + bearer.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== + plain.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== +kind: Secret +metadata: + creationTimestamp: null + name: rest-credential diff --git a/kustomize/base/confluent-suite/secrets/sr-mds-client.yaml b/kustomize/base/confluent-suite/secrets/sr-mds-client.yaml new file mode 100644 index 0000000..fb57182 --- /dev/null +++ b/kustomize/base/confluent-suite/secrets/sr-mds-client.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + bearer.txt: dXNlcm5hbWU9c3IKcGFzc3dvcmQ9c3Itc2VjcmV0Cg== +kind: Secret +metadata: + creationTimestamp: null + name: sr-mds-client diff --git a/apps/base/kafka/certificates.yaml b/kustomize/base/confluent-suite/zookeeper/certificates.yaml similarity index 99% rename from apps/base/kafka/certificates.yaml rename to kustomize/base/confluent-suite/zookeeper/certificates.yaml index e6d006b..5d34267 100644 --- a/apps/base/kafka/certificates.yaml +++ b/kustomize/base/confluent-suite/zookeeper/certificates.yaml 
@@ -3,7 +3,6 @@ apiVersion: v1 kind: Secret metadata: name: ca-pair-sslcerts - namespace: confluent type: kubernetes.io/tls data: tls.crt: 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 @@ -13,7 +12,6 @@ apiVersion: v1 kind: Secret metadata: name: connect-generated-jks - namespace: confluent type: kubernetes.io/tls data: ca.crt: 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 @@ -28,7 +26,6 @@ apiVersion: v1 kind: Secret metadata: name: controlcenter-generated-jks - namespace: confluent type: kubernetes.io/tls data: ca.crt: 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 
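Review bot: The `data:` values in these certificates.yaml Secrets, and in the new files under kustomize/base/confluent-suite/secrets/ added earlier in this patch, are only base64-encoded, so the commit publishes the material itself: credential.yaml and mds-token.yaml include `mdsTokenKeyPair.pem`, the `*-mds-client.yaml` files carry `bearer.txt` credentials, and a `kubernetes.io/tls` Secret holds a `tls.key` next to its `tls.crt`. Every reader of the repository therefore gets the MDS token signing key and the component credentials. Regenerate the key pair, certificates and passwords, then commit only encrypted forms (for example SOPS with `spec.decryption` on the Flux Kustomization, or Sealed Secrets), or have the overlay reference Secrets created out of band.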
@@ -43,7 +40,6 @@ apiVersion: v1 kind: Secret metadata: name: kafka-generated-jks - namespace: confluent type: kubernetes.io/tls data: ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZDRENDQXZBQ0NRREFLVFdwRUFpSXhUQU5CZ2txaGtpRzl3MEJBUXNGQURCR01Rc3dDUVlEVlFRR0V3SkQKU0RFT01Bd0dBMVVFQ2d3RlJIVm1jbmt4RlRBVEJnTlZCQXNNREVsdWMybG5hSFJ6SUZCUFF6RVFNQTRHQTFVRQpBd3dIVW05dmRDQkRRVEFlRncweU1UQTBNVGt5TVRFMU5USmFGdzB5TkRBeU1EY3lNVEUxTlRKYU1FWXhDekFKCkJnTlZCQVlUQWtOSU1RNHdEQVlEVlFRS0RBVkVkV1p5ZVRFVk1CTUdBMVVFQ3d3TVNXNXphV2RvZEhNZ1VFOUQKTVJBd0RnWURWUVFEREFkU2IyOTBJRU5CTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQwpBZ0VBdXNsQ1pYalNtVlpRY0puQzFaR1hTWkdwanhHSjh0cnBpdUY2WTJIZ2FXa3RQc1AzdUUzR1Z6anZ0QUpuCno3MGNwYjRwT1pFSzN1M1crTnVRTHcrWGxEaTVYSHlEdVNjTEl5R3YxSjFZbWVTUlZBUTRqQ1hoQmlxTlFxeSsKMVlhQUpwbDJJbnNLMUZ3bFdpQzRab0h3ZnlCc1Y2NVBIOHZpQTJIY3JQQmFoTFNzY0JnWUo0a01wQkZqWGM2ZQpFeVpXRk82ZVlOLzNHYjhLbVQzVmhnQmREeGZybFhycEp3RGpBdVdXV2FaMWd4c05iZTRkMkJNWFJjakFHd1R6Ck9idEJxRUNycWJLTnR6S1ZMTmtDbzVWTzJTZElXbWk5eDlvRCtlcHB1UE92TW9ybk5kMzJiOEtXeFBMdWNQMVoKY2hocmN3R09XU1lFa2hOckxEaHBYK3RLVUZNNGQ2RUdkRXY0eUE0Z0l4NEpONE12QmE2b25NNUhVbVhHbXZyMApPa0JuYnNpL1prNzdjL2ptRGtMNTNuL2pHMVY1QlIza0xudDA0aDR4aHlpSzZJVE5tTlI1SE5TZGx6aEtUL3FkCm5lcUlZb0FWSVF2SEMvd1VBM0IrQjN1dXJodHI5YTZjTFl2eWE5V0JBTkpnUURMY1NYRGE2ekJsdmFQejdYdFIKT2FNS2tZNFU2RkNuMHI3YTEycjE1NENZV3dqeGtZTjRyN2VieHc5d2dWYTBHa1JGc01HVkVaL3ZDaUI0cTNMSAp2dEF1NG1SWUJiMXNyTVoxNWZVVG4wRFFuNVJMNjVGd1RwdDFCUmZpVUhoWHVOV1JEemRxeW9SY2loUDI1WVRXClBjeVc0QVpHRnN0VENaSG9LL3NTUzYrL0U3elZsdnQzWktycHlYaE5OSTNRRzNzQ0F3RUFBVEFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQWdFQWVPb1Z3QVhBa28rWERkUmVQb3V2TmRIUkdGTkVxNjdILzBGOXlDQ21zNWQ3aU1XMQpYNWRhMzd1a1llM1RDV01ZRlA2SjJIR0JkYkw4SVpwbnJvNHMySVBIMkV6MFZnYVk5NU42aUJrWkVkQ2xQc2hHCktjcmxFa2dlQ0E1Z0ErSUsyOHBsOU9YSnRmMlU0REdMMExBR0R1bjg3K3dQTHVEUlZrcDRTZEV6VllHUnh5NVkKMElpdW9ZaXB6cGoxQUo3RTlnM3Vsd0drV250Mk5wLzdwYU53QW1FRDNnL0lISWR5dzNmeVZiSEpnUGpzRnNSbgp1TEpnaHdLczk1V1A5MmZhZ0pZbnVvajZSVG80Ym82ejZ6MXdZdlF6eXp4VDFtcGdUaG0wRnlxU09leXVKK2YrC
nRjdEpibmM2YWZNdGVsb0RLSkJmQVBORE43Y3VROGFnYWo3UmNxa0tLbmRPUE9xeFovRzZUeXFSMU1EUWc1bUIKbGJXVjdlam9CQVF3aG5vNnI4Zk5SZWpWVm1rRVo3RitCTEdTV0oyeFBHd0djRUh1b0R2dEFqU29WbHJFTFNSVgpqT0tVTUZ3aVQ5ZzdXQXJsZGtYV1ladzduemZpZnZvM0toTGpZbU9XWktoems0KzhObnlhc2xJNWpDVGV2MHdCCkVCSjVYd2o4bWU4L3hLM011L1ZRanpJR081YkhUY1RmWE9DWmNkUVRRSTY1ZkE4eURpZFc3WlAyRG40eU1rNG0KcklqR3h1M3FqOWRheEtodnZDQU9oYnh5VFpmQ2JjaTFiV0VVNW9jaFR1N2NzQlg0TWxZbGhZcHppdHNmeW5keQpGYUw5V2pYOHVwNHk5MFB4T08zU0NsdDBsbHRmeS9OWEhDWlpqNTZjbUtwNkZjdGNsUG9pcHRUSVJxST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= @@ -58,7 +54,6 @@ apiVersion: v1 kind: Secret metadata: name: ksqldb-generated-jks - namespace: confluent type: kubernetes.io/tls data: ca.crt: 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 @@ -73,7 +68,6 @@ apiVersion: v1 kind: Secret metadata: name: registry-generated-jks - namespace: confluent type: kubernetes.io/tls data: ca.crt: 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 @@ -88,7 +82,6 @@ apiVersion: v1 kind: Secret metadata: name: rest-sslcerts - namespace: confluent type: kubernetes.io/tls data: ca.crt: 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 
@@ -103,7 +96,6 @@ apiVersion: v1 kind: Secret metadata: name: zookeeper-generated-jks - namespace: confluent type: kubernetes.io/tls data: ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZDRENDQXZBQ0NRREFLVFdwRUFpSXhUQU5CZ2txaGtpRzl3MEJBUXNGQURCR01Rc3dDUVlEVlFRR0V3SkQKU0RFT01Bd0dBMVVFQ2d3RlJIVm1jbmt4RlRBVEJnTlZCQXNNREVsdWMybG5hSFJ6SUZCUFF6RVFNQTRHQTFVRQpBd3dIVW05dmRDQkRRVEFlRncweU1UQTBNVGt5TVRFMU5USmFGdzB5TkRBeU1EY3lNVEUxTlRKYU1FWXhDekFKCkJnTlZCQVlUQWtOSU1RNHdEQVlEVlFRS0RBVkVkV1p5ZVRFVk1CTUdBMVVFQ3d3TVNXNXphV2RvZEhNZ1VFOUQKTVJBd0RnWURWUVFEREFkU2IyOTBJRU5CTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQwpBZ0VBdXNsQ1pYalNtVlpRY0puQzFaR1hTWkdwanhHSjh0cnBpdUY2WTJIZ2FXa3RQc1AzdUUzR1Z6anZ0QUpuCno3MGNwYjRwT1pFSzN1M1crTnVRTHcrWGxEaTVYSHlEdVNjTEl5R3YxSjFZbWVTUlZBUTRqQ1hoQmlxTlFxeSsKMVlhQUpwbDJJbnNLMUZ3bFdpQzRab0h3ZnlCc1Y2NVBIOHZpQTJIY3JQQmFoTFNzY0JnWUo0a01wQkZqWGM2ZQpFeVpXRk82ZVlOLzNHYjhLbVQzVmhnQmREeGZybFhycEp3RGpBdVdXV2FaMWd4c05iZTRkMkJNWFJjakFHd1R6Ck9idEJxRUNycWJLTnR6S1ZMTmtDbzVWTzJTZElXbWk5eDlvRCtlcHB1UE92TW9ybk5kMzJiOEtXeFBMdWNQMVoKY2hocmN3R09XU1lFa2hOckxEaHBYK3RLVUZNNGQ2RUdkRXY0eUE0Z0l4NEpONE12QmE2b25NNUhVbVhHbXZyMApPa0JuYnNpL1prNzdjL2ptRGtMNTNuL2pHMVY1QlIza0xudDA0aDR4aHlpSzZJVE5tTlI1SE5TZGx6aEtUL3FkCm5lcUlZb0FWSVF2SEMvd1VBM0IrQjN1dXJodHI5YTZjTFl2eWE5V0JBTkpnUURMY1NYRGE2ekJsdmFQejdYdFIKT2FNS2tZNFU2RkNuMHI3YTEycjE1NENZV3dqeGtZTjRyN2VieHc5d2dWYTBHa1JGc01HVkVaL3ZDaUI0cTNMSAp2dEF1NG1SWUJiMXNyTVoxNWZVVG4wRFFuNVJMNjVGd1RwdDFCUmZpVUhoWHVOV1JEemRxeW9SY2loUDI1WVRXClBjeVc0QVpHRnN0VENaSG9LL3NTUzYrL0U3elZsdnQzWktycHlYaE5OSTNRRzNzQ0F3RUFBVEFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQWdFQWVPb1Z3QVhBa28rWERkUmVQb3V2TmRIUkdGTkVxNjdILzBGOXlDQ21zNWQ3aU1XMQpYNWRhMzd1a1llM1RDV01ZRlA2SjJIR0JkYkw4SVpwbnJvNHMySVBIMkV6MFZnYVk5NU42aUJrWkVkQ2xQc2hHCktjcmxFa2dlQ0E1Z0ErSUsyOHBsOU9YSnRmMlU0REdMMExBR0R1bjg3K3dQTHVEUlZrcDRTZEV6VllHUnh5NVkKMElpdW9ZaXB6cGoxQUo3RTlnM3Vsd0drV250Mk5wLzdwYU53QW1FRDNnL0lISWR5dzNmeVZiSEpnUGpzRnNSbgp1TEpnaHdLczk1V1A5MmZhZ0pZbnVvajZSVG80Ym82ejZ6MXdZdlF6eXp4VDFtcGdUaG0wRnlxU09leXVK
K2YrCnRjdEpibmM2YWZNdGVsb0RLSkJmQVBORE43Y3VROGFnYWo3UmNxa0tLbmRPUE9xeFovRzZUeXFSMU1EUWc1bUIKbGJXVjdlam9CQVF3aG5vNnI4Zk5SZWpWVm1rRVo3RitCTEdTV0oyeFBHd0djRUh1b0R2dEFqU29WbHJFTFNSVgpqT0tVTUZ3aVQ5ZzdXQXJsZGtYV1ladzduemZpZnZvM0toTGpZbU9XWktoems0KzhObnlhc2xJNWpDVGV2MHdCCkVCSjVYd2o4bWU4L3hLM011L1ZRanpJR081YkhUY1RmWE9DWmNkUVRRSTY1ZkE4eURpZFc3WlAyRG40eU1rNG0KcklqR3h1M3FqOWRheEtodnZDQU9oYnh5VFpmQ2JjaTFiV0VVNW9jaFR1N2NzQlg0TWxZbGhZcHppdHNmeW5keQpGYUw5V2pYOHVwNHk5MFB4T08zU0NsdDBsbHRmeS9OWEhDWlpqNTZjbUtwNkZjdGNsUG9pcHRUSVJxST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= diff --git a/kustomize/base/confluent-suite/zookeeper/kustomization.yaml b/kustomize/base/confluent-suite/zookeeper/kustomization.yaml new file mode 100644 index 0000000..672d237 --- /dev/null +++ b/kustomize/base/confluent-suite/zookeeper/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - certificates.yaml + - zookeeper.yaml \ No newline at end of file diff --git a/apps/base/kafka/zookeeper.yaml b/kustomize/base/confluent-suite/zookeeper/zookeeper.yaml similarity index 94% rename from apps/base/kafka/zookeeper.yaml rename to kustomize/base/confluent-suite/zookeeper/zookeeper.yaml index 4fa5b6e..fbe052f 100644 --- a/apps/base/kafka/zookeeper.yaml +++ b/kustomize/base/confluent-suite/zookeeper/zookeeper.yaml @@ -3,7 +3,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: Zookeeper metadata: name: zookeeper - namespace: confluent spec: replicas: 3 image: diff --git a/kustomize/base/confluent/certificates.yaml b/kustomize/base/confluent/certificates.yaml new file mode 100644 index 0000000..5d34267 --- /dev/null +++ b/kustomize/base/confluent/certificates.yaml 
@@ -0,0 +1,108 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: ca-pair-sslcerts +type: kubernetes.io/tls +data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZDRENDQXZBQ0NRREFLVFdwRUFpSXhUQU5CZ2txaGtpRzl3MEJBUXNGQURCR01Rc3dDUVlEVlFRR0V3SkQKU0RFT01Bd0dBMVVFQ2d3RlJIVm1jbmt4RlRBVEJnTlZCQXNNREVsdWMybG5hSFJ6SUZCUFF6RVFNQTRHQTFVRQpBd3dIVW05dmRDQkRRVEFlRncweU1UQTBNVGt5TVRFMU5USmFGdzB5TkRBeU1EY3lNVEUxTlRKYU1FWXhDekFKCkJnTlZCQVlUQWtOSU1RNHdEQVlEVlFRS0RBVkVkV1p5ZVRFVk1CTUdBMVVFQ3d3TVNXNXphV2RvZEhNZ1VFOUQKTVJBd0RnWURWUVFEREFkU2IyOTBJRU5CTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQwpBZ0VBdXNsQ1pYalNtVlpRY0puQzFaR1hTWkdwanhHSjh0cnBpdUY2WTJIZ2FXa3RQc1AzdUUzR1Z6anZ0QUpuCno3MGNwYjRwT1pFSzN1M1crTnVRTHcrWGxEaTVYSHlEdVNjTEl5R3YxSjFZbWVTUlZBUTRqQ1hoQmlxTlFxeSsKMVlhQUpwbDJJbnNLMUZ3bFdpQzRab0h3ZnlCc1Y2NVBIOHZpQTJIY3JQQmFoTFNzY0JnWUo0a01wQkZqWGM2ZQpFeVpXRk82ZVlOLzNHYjhLbVQzVmhnQmREeGZybFhycEp3RGpBdVdXV2FaMWd4c05iZTRkMkJNWFJjakFHd1R6Ck9idEJxRUNycWJLTnR6S1ZMTmtDbzVWTzJTZElXbWk5eDlvRCtlcHB1UE92TW9ybk5kMzJiOEtXeFBMdWNQMVoKY2hocmN3R09XU1lFa2hOckxEaHBYK3RLVUZNNGQ2RUdkRXY0eUE0Z0l4NEpONE12QmE2b25NNUhVbVhHbXZyMApPa0JuYnNpL1prNzdjL2ptRGtMNTNuL2pHMVY1QlIza0xudDA0aDR4aHlpSzZJVE5tTlI1SE5TZGx6aEtUL3FkCm5lcUlZb0FWSVF2SEMvd1VBM0IrQjN1dXJodHI5YTZjTFl2eWE5V0JBTkpnUURMY1NYRGE2ekJsdmFQejdYdFIKT2FNS2tZNFU2RkNuMHI3YTEycjE1NENZV3dqeGtZTjRyN2VieHc5d2dWYTBHa1JGc01HVkVaL3ZDaUI0cTNMSAp2dEF1NG1SWUJiMXNyTVoxNWZVVG4wRFFuNVJMNjVGd1RwdDFCUmZpVUhoWHVOV1JEemRxeW9SY2loUDI1WVRXClBjeVc0QVpHRnN0VENaSG9LL3NTUzYrL0U3elZsdnQzWktycHlYaE5OSTNRRzNzQ0F3RUFBVEFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQWdFQWVPb1Z3QVhBa28rWERkUmVQb3V2TmRIUkdGTkVxNjdILzBGOXlDQ21zNWQ3aU1XMQpYNWRhMzd1a1llM1RDV01ZRlA2SjJIR0JkYkw4SVpwbnJvNHMySVBIMkV6MFZnYVk5NU42aUJrWkVkQ2xQc2hHCktjcmxFa2dlQ0E1Z0ErSUsyOHBsOU9YSnRmMlU0REdMMExBR0R1bjg3K3dQTHVEUlZrcDRTZEV6VllHUnh5NVkKMElpdW9ZaXB6cGoxQUo3RTlnM3Vsd0drV250Mk5wLzdwYU53QW1FRDNnL0lISWR5dzNmeVZiSEpnUGpzRnNSbgp1TEpnaHdLczk1V1A5MmZhZ0pZbnVvajZSVG80Ym82ejZ6MXdZdlF6eXp4VDFtcGdUaG0wRnlxU09leXVKK2YrCnRjdEpibmM2
YWZNdGVsb0RLSkJmQVBORE43Y3VROGFnYWo3UmNxa0tLbmRPUE9xeFovRzZUeXFSMU1EUWc1bUIKbGJXVjdlam9CQVF3aG5vNnI4Zk5SZWpWVm1rRVo3RitCTEdTV0oyeFBHd0djRUh1b0R2dEFqU29WbHJFTFNSVgpqT0tVTUZ3aVQ5ZzdXQXJsZGtYV1ladzduemZpZnZvM0toTGpZbU9XWktoems0KzhObnlhc2xJNWpDVGV2MHdCCkVCSjVYd2o4bWU4L3hLM011L1ZRanpJR081YkhUY1RmWE9DWmNkUVRRSTY1ZkE4eURpZFc3WlAyRG40eU1rNG0KcklqR3h1M3FqOWRheEtodnZDQU9oYnh5VFpmQ2JjaTFiV0VVNW9jaFR1N2NzQlg0TWxZbGhZcHppdHNmeW5keQpGYUw5V2pYOHVwNHk5MFB4T08zU0NsdDBsbHRmeS9OWEhDWlpqNTZjbUtwNkZjdGNsUG9pcHRUSVJxST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + tls.key: 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 +--- +apiVersion: v1 +kind: Secret +metadata: + name: connect-generated-jks +type: kubernetes.io/tls +data: + ca.crt: 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 + csr.pem: 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 + jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk + keystore.jks: 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 + tls.crt: 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 + tls.key: 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 + truststore.jks: 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 +--- +apiVersion: v1 +kind: Secret +metadata: + name: controlcenter-generated-jks +type: kubernetes.io/tls +data: + ca.crt: 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 + csr.pem: 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 + jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk + keystore.jks: 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 + tls.crt: 
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZSRENDQXl5Z0F3SUJBZ0lRZTZwNzgwTldYV1FSYURHcXBkYkcyekFOQmdrcWhraUc5dzBCQVFzRkFEQkcKTVFzd0NRWURWUVFHRXdKRFNERU9NQXdHQTFVRUNnd0ZSSFZtY25reEZUQVRCZ05WQkFzTURFbHVjMmxuYUhSegpJRkJQUXpFUU1BNEdBMVVFQXd3SFVtOXZkQ0JEUVRBZUZ3MHlNVEEwTWpjeE1ERTBOREJhRncweU1qQTBNakl4Ck1ERTBOREJhTUV3eEN6QUpCZ05WQkFZVEFrTklNUTR3REFZRFZRUUtFd1ZFZFdaeWVURVZNQk1HQTFVRUN4TU0KU1c1emFXZG9kSE1nVUU5RE1SWXdGQVlEVlFRREV3MWpiMjUwY205c1kyVnVkR1Z5TUlJQklqQU5CZ2txaGtpRwo5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBcmtBa1hyWUk2M0ExNUxaeURQOTdWYytiTjVXaTV5NmYyTWtkCkh3VlJZOEdxTnFwUTBoOEtKMEFUZ0lyVkZOcTQzSFJNaHlrNEVwS1A3SWU0QmlZanVrZk1BbE5xVmN6Z2pZM3UKVHo3K3lzSzM1ZGNid1grVENyTExNYlVEaVBxNStUejFLbmpsdy9MZ0trUk15a1BOMUlqVTJOVXFqcWxSYnJwOQpqNDI5UVpnbWM0WnJTMU5aY2dGQmNLR00vUDVZR0R4WU5IaG9ZRXU2WVF6cUtYYUsxZkpyTk5ndS9GSU9waEE1CkNibEZlU01MQXZzcS9qTStaTDFpK25ybWErV2xUMUZSZXdtOU1BcmQ4RFNUWG9tVG1mZU1GL0VRb3Y0NWg4d2QKRWgxajQ3MGNSSnFRVDE0OUY5aE1Wc1BGdkFwQm8rZCt6MXAzOGhCU0MvOTBCMS9SZXdJREFRQUJvNElCSmpDQwpBU0l3RGdZRFZSMFBBUUgvQkFRREFnS2tNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNECkFqQU1CZ05WSFJNQkFmOEVBakFBTUlIaUJnTlZIUkVFZ2Rvd2dkZUNEV052Ym5SeWIyeGpaVzUwWlhLQ0YyTnYKYm5SeWIyeGpaVzUwWlhJdVkyOXVabXgxWlc1MGdodGpiMjUwY205c1kyVnVkR1Z5TG1OdmJtWnNkV1Z1ZEM1egpkbU9DS1dOdmJuUnliMnhqWlc1MFpYSXVZMjl1Wm14MVpXNTBMbk4yWXk1amJIVnpkR1Z5TG14dlkyRnNnaGtxCkxtTnZiblJ5YjJ4alpXNTBaWEl1WTI5dVpteDFaVzUwZ2lzcUxtTnZiblJ5YjJ4alpXNTBaWEl1WTI5dVpteDEKWlc1MExuTjJZeTVqYkhWemRHVnlMbXh2WTJGc2doMHFMbU52Ym1ac2RXVnVkQzV6ZG1NdVkyeDFjM1JsY2k1cwpiMk5oYkRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQXQ3NHkxMm8wSFNoVkxkKzhIcmNSM1JSZEE1VTRKdkQ3Ck1hb1lHRVovZHFHcFB6bWxNQXpwNVZzTGdmdnVIa1psUW96aThKZSt4emo4Tis2N040N0c1bGlQRmZIMWV6aDgKL0s5TSs0MnNPUjhZSGp3dWxkT3dJeUxQUU81ZkJycGFmeXRlN29qYWMyUjEwaldodi80RTNyODZrM2ErT2lqbgpKK1FwT0hSS0V1L0pGYW5MdVhpZ1duSjY4NUcwNm90Y1JYbUx4S05CUUxnLzdUSmNVd0ltVmljM2t4Qzh4NzdoCm1XUURLdVVJQWVZQmxvZmVNL2lIVlhhZFZhWU5QVXcxMGxCY2xqT2w0dmFpaUZTME80WEk4QTlYZFRhdG04RlEKT3ZOR0xPUFNsQnRtZzVtSU9DbTE2bjZvOExZNHJoOTZXY3VVNVMwMVlz
RTREMmREZnF6K2tuRDJSTUtqTzRJawpzYy9ud1FTMmVISFY1QWhMWEVLekxSOE44YmJPUmZ0WEZ6NzJ4Y1lXeXR5UEV6OFdDMm5YNkw1eFQ2bXE4d3RBCkptSFhNNHc5RGJ0NnRTclNBV292b3psUWliQU1kbUZzdzNFUlpVeXBmUGtzbzVnODhWQXRiUUFwVDhtZXJDeVgKeStlVklLMk5VTWdMVDE4cWZaWHc3aDVueHF3RG5jZEt4dkRuczRNVUlNd1Y5T0hHSGEwR1B6enhKNms3RE83LwpnUXh0K2gvbGR3cU9FSXIzbXNuK0lRMkQxV3RlWXpZTE5UVXR0b0h6NDE4cTl5bko2OXcwY3pFVlZkYXVVRDM1CmtwQThXWmVxRWZxcWpwWHloU3g1b0J0M1MwV2ZLTGM3SHVvTURzVis5Mm9ETmIyVlR4cEM4WkF3NW90OStFQ0oKUlJYR09mczVtWGs9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: 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 + truststore.jks: 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 +--- +apiVersion: v1 +kind: Secret +metadata: + name: kafka-generated-jks +type: kubernetes.io/tls +data: + ca.crt: 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 + csr.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJRFV6Q0NBanNDQVFBd1JERUxNQWtHQTFVRUJoTUNRMGd4RGpBTUJnTlZCQW9UQlVSMVpuSjVNUlV3RXdZRApWUVFMRXd4SmJuTnBaMmgwY3lCUVQwTXhEakFNQmdOVkJBTVRCV3RoWm10aE1JSUJJakFOQmdrcWhraUc5dzBCCkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQWxnaUVnQUszSDY4MXBuaGtmaTV6YURGSC9jTVdOODd1TVowQ3dBQ1YKOEsxcnl2YTQ1cG9heWlyeDBrSTFxKyt5VWk0dkRvemQwY2NsdXJ6aVNyU2c0SHFTSUxsSW9UZ0p6aHBkdkVMOQpnMkpRVkxUeGZGSTNneTZyMG9uQlU4TTRTSlI5R3JONUhzUDNxYVYzRzdHOEJnS0FDbzNuK283QThtRnpLUzhICjJubExMbHNzalRuY0tCZHlWNzF3NFpwa2I4V0h6VnJyWUhMd1VMSzhwekVOWjYwdnhMalorQnp1R2I5MDNYVkoKdmVpQkw4M2JVRUp1VjZNSzc1S1hHTUkyKzJEajYrQTVUaEpGdSt6M3FDbGZLOFJpWUhsSjdQV1g3d0pwOVp4Twp5TmlPUThYTzM1RmZ3N09IQklETmNWWWNkNHVIN3pTcUxDdnczeHBtekVJU1RRSURBUUFCb0lISk1JSEdCZ2txCmhraUc5dzBCQ1E0eGdiZ3dnYlV3Z2JJR0ExVWRFUVNCcWpDQnA0SUZhMkZtYTJHQ0QydGhabXRoTG1OdmJtWnMKZFdWdWRJSVRhMkZtYTJFdVkyOXVabXgxWlc1MExuTjJZNEloYTJGbWEyRXVZMjl1Wm14MVpXNTBMbk4yWXk1agpiSFZ6ZEdWeUxteHZZMkZzZ2hFcUxtdGhabXRoTG1OdmJtWnNkV1Z1ZElJaktpNXJZV1pyWVM1amIyNW1iSFZsCmJuUXVjM1pqTG1Oc2RYTjBaWEl1Ykc5allXeUNIU291WTI5dVpteDFaVzUwTG5OMll5NWpiSFZ6ZEdWeUxteHYKWTJGc01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQjJ2UEhDY3RrRFVORlpiUi8wcTRGM055QXc5W
EVOaThBMApwQWNjamtmc2k1bnRWY3VBVGwvWmoyMlhIc3RxdjB5Nm1MMC9TdjZmK0dRdFUzOEdCVnhXS25tOVhlb0FVSjJQCllhRFdHc3Z5aDQ5a3NYZkhVbnhxTDJOZEdKRWpqdlJTNG5xMHVwQTNtUU4remdpd0VHQ3FEanhZK1BxUUZ5YkwKWHJGbVJBUUR2SzNLcFlmZENOOFZ3bzhwbUo0a3JiOUJXRTFNNmNiQUZUUFRMT2E0VTBaOUdvcVRMdlBiT2dqcwpBUHhwejZSeHJXR3VnKzQwb1VLL2IrK3N6Rjk5Vm9ZM0s1SDcwTEhVOTVSaFBVbTRFakR0eTVDVkxEVnAydTZJClk1SERReDZzVmhlQ0xpcUdydUtka1lGQkU2NUJKOTRFdERnTHhHNi82bk52SVpBa1NidGcKLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg== + jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk + keystore.jks: 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 + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZDekNDQXZPZ0F3SUJBZ0lSQU1ORklLZzRZU29iVmhFVGZKWklmNWt3RFFZSktvWklodmNOQVFFTEJRQXcKUmpFTE1Ba0dBMVVFQmhNQ1EwZ3hEakFNQmdOVkJBb01CVVIxWm5KNU1SVXdFd1lEVlFRTERBeEpibk5wWjJoMApjeUJRVDBNeEVEQU9CZ05WQkFNTUIxSnZiM1FnUTBFd0hoY05NakV3TkRJM01Ea3pOekkzV2hjTk1qSXdOREl5Ck1Ea3pOekkzV2pCRU1Rc3dDUVlEVlFRR0V3SkRTREVPTUF3R0ExVUVDaE1GUkhWbWNua3hGVEFUQmdOVkJBc1QKREVsdWMybG5hSFJ6SUZCUFF6RU9NQXdHQTFVRUF4TUZhMkZtYTJFd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQQpBNElCRHdBd2dnRUtBb0lCQVFDV0NJU0FBcmNmcnpXbWVHUitMbk5vTVVmOXd4WTN6dTR4blFMQUFKWHdyV3ZLCjlyam1taHJLS3ZIU1FqV3I3N0pTTGk4T2pOM1J4eVc2dk9KS3RLRGdlcElndVVpaE9Bbk9HbDI4UXYyRFlsQlUKdFBGOFVqZURMcXZTaWNGVHd6aElsSDBhczNrZXcvZXBwWGNic2J3R0FvQUtqZWY2anNEeVlYTXBMd2ZhZVVzdQpXeXlOT2R3b0YzSlh2WERobW1SdnhZZk5XdXRnY3ZCUXNyeW5NUTFuclMvRXVObjRITzRadjNUZGRVbTk2SUV2CnpkdFFRbTVYb3dydmtwY1l3amI3WU9QcjREbE9Fa1c3N1Blb0tWOHJ4R0pnZVVuczlaZnZBbW4xbkU3STJJNUQKeGM3ZmtWL0RzNGNFZ00xeFZoeDNpNGZ2Tktvc0svRGZHbWJNUWhKTkFnTUJBQUdqZ2ZVd2dmSXdEZ1lEVlIwUApBUUgvQkFRREFnS2tNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBTUJnTlZIUk1CCkFmOEVBakFBTUlHeUJnTlZIUkVFZ2Fvd2dhZUNCV3RoWm10aGdnOXJZV1pyWVM1amIyNW1iSFZsYm5TQ0UydGgKWm10aExtTnZibVpzZFdWdWRDNXpkbU9DSVd0aFptdGhMbU52Ym1ac2RXVnVkQzV6ZG1NdVkyeDFjM1JsY2k1cwpiMk5oYklJUktpNXJZV1pyWVM1amIyNW1iSFZsYm5TQ0l5b3VhMkZtYTJFdVkyOXVabXgxWlc1MExuTjJZeTVqCmJIVnpkR1Z5TG14dlkyRnNnaDBxTG1OdmJtWnNkV1Z1ZEM1emR
tTXVZMngxYzNSbGNpNXNiMk5oYkRBTkJna3EKaGtpRzl3MEJBUXNGQUFPQ0FnRUFZdjNDQk9QRVlsZzlRNUhaN0pBUlNLN3F6a2FscCtsckZFWTlSaEhiamxweQpXa3pacG5ZV1V6U3ZVWGNOemZLZm0wY1BUdkQvcW9XV2JpWWxESjdkcGd1MGJ5aWtYa0JIMWlFQVBlZnh2WThZCnMvalk2UDg5ejhhTk1acGd2RU50L2Q0NmF1SEo5dXBzaEU3YTY1YjdxM3FtbWdTelhqc0QvOFh5TlAwM0hGMnUKTWtCNUM1bXZSUTRZTXl1WHhRMTZPZ1JvVG80ZTV2bUtlSGE3cGVkOHlVQS91MHJ0bHNYY1JxWFlReDllVSs1TgorRVFpYWlSQjZlSDVicEVwSmlYNkY4Q0MrbHF0VDFqUXlYRlVUcDJkMG5LQzB2MVdxRmRoOG8zV0pLcTcvSFoyCk9sWUw4bkxBQm9XOTRvbFhDZ2F5S0pqR01Nd2VFcGhocWkrNHRjOWJ5Y1ZWSDdGYzI4M3dPQ0JyaS9CMk9rREcKdmVrSHNZOWlNY0Q4SmwzNDZRZ01PTXV0NU8wNVh4R2JYK0QxM1BoWHkxRXFVZmw3MzZXUlhlVGpmRmJibkIvKwpBRmc5Zy9sOFJxeEVyblh5MzgyL0xrMUJPaXBWUVlGZHQ2N0FTV2psMS8waGQrT1ZNUWtVK3Y3WW1hZDFtZTJNCmliSXNkNy9LaVNNcWtZKzluZ0c5U2J1U0l2QU9qRmRSMStGTEp3Q3dnRzYvcjl1SmRpSjJVczJidU95dVVRL0IKSThobkFWYTExdzMvVm9hekJuNVYvb2JlZE9SRlJRZzJzMkJDcUwxRXlMYkxJZTAydnNmRE1uK3p0N0xZU1NXRwpPcXoxSUtDVVlDbHBCRG9td2hjK1Y0aXR5dXRnWU5UZmVVNThaS2RjazZ5Q01GQW9lZWJCbTZHK1dmSXJLU0k9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: 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 + truststore.jks: 
/u3+7QAAAAIAAAABAAAAAgACY2EAAAF5ErDMNQAEWDUwOQAABQwwggUIMIIC8AIJAMApNakQCIjFMA0GCSqGSIb3DQEBCwUAMEYxCzAJBgNVBAYTAkNIMQ4wDAYDVQQKDAVEdWZyeTEVMBMGA1UECwwMSW5zaWdodHMgUE9DMRAwDgYDVQQDDAdSb290IENBMB4XDTIxMDQxOTIxMTU1MloXDTI0MDIwNzIxMTU1MlowRjELMAkGA1UEBhMCQ0gxDjAMBgNVBAoMBUR1ZnJ5MRUwEwYDVQQLDAxJbnNpZ2h0cyBQT0MxEDAOBgNVBAMMB1Jvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6yUJleNKZVlBwmcLVkZdJkamPEYny2umK4XpjYeBpaS0+w/e4TcZXOO+0AmfPvRylvik5kQre7db425AvD5eUOLlcfIO5JwsjIa/UnViZ5JFUBDiMJeEGKo1CrL7VhoAmmXYiewrUXCVaILhmgfB/IGxXrk8fy+IDYdys8FqEtKxwGBgniQykEWNdzp4TJlYU7p5g3/cZvwqZPdWGAF0PF+uVeuknAOMC5ZZZpnWDGw1t7h3YExdFyMAbBPM5u0GoQKupso23MpUs2QKjlU7ZJ0haaL3H2gP56mm4868yiuc13fZvwpbE8u5w/VlyGGtzAY5ZJgSSE2ssOGlf60pQUzh3oQZ0S/jIDiAjHgk3gy8FrqiczkdSZcaa+vQ6QGduyL9mTvtz+OYOQvnef+MbVXkFHeQue3TiHjGHKIrohM2Y1Hkc1J2XOEpP+p2d6ohigBUhC8cL/BQDcH4He66uG2v1rpwti/Jr1YEA0mBAMtxJcNrrMGW9o/Pte1E5owqRjhToUKfSvtrXavXngJhbCPGRg3ivt5vHD3CBVrQaREWwwZURn+8KIHircse+0C7iZFgFvWysxnXl9ROfQNCflEvrkXBOm3UFF+JQeFe41ZEPN2rKhFyKE/blhNY9zJbgBkYWy1MJkegr+xJLr78TvNWW+3dkqunJeE00jdAbewIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQB46hXABcCSj5cN1F4+i6810dEYU0Srrsf/QX3IIKazl3uIxbVfl1rfu6Rh7dMJYxgU/onYcYF1svwhmmeujizYg8fYTPRWBpj3k3qIGRkR0KU+yEYpyuUSSB4IDmAD4grbymX05cm1/ZTgMYvQsAYO6fzv7A8u4NFWSnhJ0TNVgZHHLljQiK6hiKnOmPUAnsT2De6XAaRae3Y2n/ulo3ACYQPeD8gch3LDd/JVscmA+OwWxGe4smCHAqz3lY/3Z9qAlie6iPpFOjhujrPrPXBi9DPLPFPWamBOGbQXKpI57K4n5/61y0ludzpp8y16WgMokF8A80M3ty5DxqBqPtFyqQoqd0486rFn8bpPKpHUwNCDmYGVtZXt6OgEBDCGejqvx81F6NVWaQRnsX4EsZJYnbE8bAZwQe6gO+0CNKhWWsQtJFWM4pQwXCJP2DtYCuV2RdZhnDufN+J++jcqEuNiY5ZkqHOTj7w2fJqyUjmMJN6/TAEQEnlfCPyZ7z/Ercy79VCPMgY7lsdNxN9c4Jlx1BNAjrl8DzIOJ1btk/YOfjIyTiasiMbG7eqP11rEqG+8IA6FvHJNl8JtyLVtYRTmhyFO7tywFfgyViWFinOK2x/Kd3IVov1aNfy6njL3Q/E47dIKW3SWW1/L81ccJlmPnpyYqnoVy1yU+iKm1MhGorfYhYy08EA34Sz0atRhctmkVr8A +--- +apiVersion: v1 +kind: Secret +metadata: + name: ksqldb-generated-jks +type: kubernetes.io/tls +data: + ca.crt: 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 + csr.pem: 
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 + jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk + keystore.jks: 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 + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZFVENDQXZtZ0F3SUJBZ0lRWkpJNlo2NnVlcE5yZVVpT3VwbFl3ekFOQmdrcWhraUc5dzBCQVFzRkFEQkcKTVFzd0NRWURWUVFHRXdKRFNERU9NQXdHQTFVRUNnd0ZSSFZtY25reEZUQVRCZ05WQkFzTURFbHVjMmxuYUhSegpJRkJQUXpFUU1BNEdBMVVFQXd3SFVtOXZkQ0JEUVRBZUZ3MHlNVEEwTWpjeE1ERTBOREJhRncweU1qQTBNakl4Ck1ERTBOREJhTUVVeEN6QUpCZ05WQkFZVEFrTklNUTR3REFZRFZRUUtFd1ZFZFdaeWVURVZNQk1HQTFVRUN4TU0KU1c1emFXZG9kSE1nVUU5RE1ROHdEUVlEVlFRREV3WnJjM0ZzWkdJd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQQpBNElCRHdBd2dnRUtBb0lCQVFEVkxnb0FtK25lVWp4akFoV0w4N1BtVDBYNUVHSEpSdzB6dmV2cy9JdWYvQWJTCjNodGxDd3U5NHEyTHBFYi93WUE4NzRIWGc3TDI1UTNQM3ZqNmh2eldDOC9PTjFXK2taYkpReU9FQXVFaDhTeXYKa0NFNEhpM3grUWlnazA5ay9UR0diRFV0ODJTZ0tNV1REUmNpR082ZVBKUyswMW5VL2dqV3Z2UGpuR2tYN1JyTApCMERpWHA0cFY3TGZ3VEhjZFA3NC9KV3pOK215TXhGdCtCT0s5YnRxV3YrWmlhTWxCOHRhVmZlQXdYNE9ZbEtDCmZrV3BRYTBKRUdjZGhnOHhwWndCbk9zeGtaTFQvRWZmYkZ4RW94ZjVaR1V4UEFlSXNKdjgrQlhZcmNGV2VWMDMKbW4rQzBobmxNVEx1WDE2MGFLeEJQaG1zbmxvNGNJT1dFRE9rYjhTckFnTUJBQUdqZ2Zzd2dmZ3dEZ1lEVlIwUApBUUgvQkFRREFnS2tNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBTUJnTlZIUk1CCkFmOEVBakFBTUlHNEJnTlZIUkVFZ2JBd2dhMkNCbXR6Y1d4a1lvSVFhM054YkdSaUxtTnZibVpzZFdWdWRJSVUKYTNOeGJHUmlMbU52Ym1ac2RXVnVkQzV6ZG1PQ0ltdHpjV3hrWWk1amIyNW1iSFZsYm5RdWMzWmpMbU5zZFhOMApaWEl1Ykc5allXeUNFaW91YTNOeGJHUmlMbU52Ym1ac2RXVnVkSUlrS2k1cmMzRnNaR0l1WTI5dVpteDFaVzUwCkxuTjJZeTVqYkhWemRHVnlMbXh2WTJGc2doMHFMbU52Ym1ac2RXVnVkQzV6ZG1NdVkyeDFjM1JsY2k1c2IyTmgKYkRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQUtyWVVnUWRGRXhwOGgxamRqaHZLZFFySitNRWo3VDNMTEUyNQp1N1ZISFFNc2J1TVN4UndhcWxzVVQvTU00WkRSSm5QQnRVWVFXRUJ2Smg0YW1wbG5MaUFuUTNmcHZXV2w3d2NNCnZsRUUyNFFid0t4S0phNUNMWjJhTHVtQXRzbTdYb0k4Vnk0WWtSQW95Y1lmdUU4NEs1V3B6SFQrT1JPb1drUnMKbG9heVhnZFV0RXhJZ0Zqajk1WGMrUWRtSG0vZSsxa0xtYjhpUXlOcE1XSVg1Zzdsa2Y4TDEwVWhtZkhCRVA2Nwo5UWJXZ1h2V1dxKzZHU1lTUnlaSlpZZkFFeEx2V
TdnSVF5STRiQkQyUm9FQXkrRHJXQUJMaVlZRW1QRGxTa1pWCnFVOFd2NW5EOUY5eFhZNGp3WllYdms3dnVleW5hUTVSeE9vRWZ3K3Q1ak85aDhFWlZyTUVLOXo1RVdkR2V0bmoKV3RCT2Y5RDl0ZTQyczZhU0s3WWJYRFNsQWd2WVhocmNJVnBFbXNIMGtIbjEzTWZCQVpvYUE0eUlHUUsyVEs1VwpncUhYZnhZd285dU1qWFk4d0J5bGYxQkNVYm5MeVRxbE1qaThsQUx6NjlDa3FZZUMxTm83andEbUVMbjRpaUovCko3U2hBbWpEb3pDbUpsYTk3dThRcHo0bUNLcFhsWGtjUDRjRTR1SlRDWU56WW1DRGtwdkVsYW1aaC9HTzFwRTcKWEhhV1JQM05BT2RVVVBjbkpPdnBtMGlXMkE4c3pCOU5NVlZIZXhBVVRJd3BwWi9mcUNoVkZYdkFqZGdiSVliTgpROWNUYVRrVmFvdnhPSTRmL0RxblR2MmVIUXA1QkVONW85KzYvN2M0VDdTbjlDVy9HVHIxS3cyU2NBUWszVXU4CmlmMUV4dkk9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRFZMZ29BbStuZVVqeGoKQWhXTDg3UG1UMFg1RUdISlJ3MHp2ZXZzL0l1Zi9BYlMzaHRsQ3d1OTRxMkxwRWIvd1lBODc0SFhnN0wyNVEzUAozdmo2aHZ6V0M4L09OMVcra1piSlF5T0VBdUVoOFN5dmtDRTRIaTN4K1FpZ2swOWsvVEdHYkRVdDgyU2dLTVdUCkRSY2lHTzZlUEpTKzAxblUvZ2pXdnZQam5Ha1g3UnJMQjBEaVhwNHBWN0xmd1RIY2RQNzQvSld6TitteU14RnQKK0JPSzlidHFXditaaWFNbEI4dGFWZmVBd1g0T1lsS0Nma1dwUWEwSkVHY2RoZzh4cFp3Qm5Pc3hrWkxUL0VmZgpiRnhFb3hmNVpHVXhQQWVJc0p2OCtCWFlyY0ZXZVYwM21uK0MwaG5sTVRMdVgxNjBhS3hCUGhtc25sbzRjSU9XCkVET2tiOFNyQWdNQkFBRUNnZ0VBTFRYOVl4R3Q4THVLR1FsWkhueEoyLzlWL0xOdnVhczY3bzFKMnRIWW5zNXAKZUJFb3lDNG1pRmZwckdManQ5d0c0V1YrS1FIQ1U4QlNSSktxUlIrWndaOXhxKzlxWE9jdGpuT1J0YTZTcG9zcQppZlZNUmtXSVF2Z296ejFPcWtGVVhvaldZbTlyR05oc3hub1JQT2NDdkVabTJXMmpjSnVMcmxlREMvT2hDalNZCmtJMGdSWWl6M3YycGJESTYxTEk0T0VnMjlVQ0ZzV216cU01V1RwTDRQZTVvTExiRDhObGNSdWxvK1N1bGxEVHMKVG5RNVhkaStzc3JJMkV2Rk51ajYweEJSWXVuL0l1MEdEZ3cxb3dzcHdnNnRSUnJpeWJTUEdXeDBLSSs4a0phNwpWclJuQmNPLzBHcVF2MWs1Q3FWb0RCWHN0L1pUZ1dFUWhzdzQ0T0dXK1FLQmdRRFpaUThWSkY4dzdYcDlKNlRJCjVvdTdvYWNYT1NVTkt6dW41VE1GMUJYUDJqa2xsRHlpcCtZKzJ3K1UzL1poMUVXSFA5V1pSVGxnSEJxSEU0YWMKUWNNanJ5RmdkSEFZaCt1U2w1MkNmbkxkc0swUHkvc2QxVWcwcVpmWFV0Qk0vU2VaSzMweWlKZXlNN0d1VlZTZgpVSmVITzBraDk3QkdCQUlpQVFIb2lncVNSd0tCZ1FEN0NWM08wNThsTDVzZHh4TENGdXFYT29Udm1HRy8wRmErCjI3VnV1Z21malNMdnR6QkxMdXVQeFVvdWZpZ
XZ6S2p6TkEvRCs5Rm5MajdXZnlwa1NCL2g2a2syelE1STNQRmwKbWJFejJ0YmRSQjgxV2VlajFBVlFzSWJwbk9pZEk5ejVrRTg0V0hZOGhHSk5sVVJIdFZSVDFaSmdZYmJIRjNLLwpoUVNUQnByb2ZRS0JnUURKZDBWZUE0SVFOdFNnTGVBaHFyNXVXV1lmT0g4azBCOE4vbk9sZ0NIaXFVcnlqNGtOCitHbUJjTVBrNVJWUkhrWjlDK1Jva1dXVnN4WEdmb3J1UG1lWXAxRllNVEE5RzZGdURnSVRrQm5sWnpsSy9XK3YKK3h0YWFwemtHTVFmeFRBd1c4US8wNlE1cW55TW9sbTA5eHdtWUFQcmJiNjNkRG1CeDhzNzlNbk5Pd0tCZ0RrbQpnTHk5WU5YT2FMbjJ3RVovZ1JpOHNkYjZFZ2JoSDE2RUZtSUc2SG55WDZuRFFyTmJFelcvN0l0NUhQL2d6L1hPClBHaVp3NnFCMUx4d1p1NDluVVNKV2ZHbjdVQ1pURHVkS2NKc1o4NG4zQk1CVE1MM1dkNXMwY29OZHNlUGlwY20KUzJMQWdPcDJHUXNnbUZMYTdUL0l0M0pKekpxMnMrRDJIM3g1WEhyaEFvR0FOS3hrSm8xT0VMWGdlZmRKbVltdwpZNVlEK0x5ZmNMKzdGUlNHbTVqdjdMQ1FYbTZqTjRqTHFDNUc3WTEwZjg0UGE3a3NrSkJsNCt6NHh3Q0NHZlk4CkNFdDNYNFhNMVhGMDRNSDB0U1ZYN21IY3ZLbVgwRW1vVVFTMXVsaXJUYjNTSXVQMjQrdlArYkJKSC9aZzYzN0QKdWRYTTFFN3NFSHAxc2NpUG1ZMTJaY0k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + truststore.jks: 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 +--- +apiVersion: v1 +kind: Secret +metadata: + name: registry-generated-jks +type: kubernetes.io/tls +data: + ca.crt: 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 + csr.pem: 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 + jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk + keystore.jks: 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 + tls.crt: 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 + tls.key: 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 + truststore.jks: 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 +--- +apiVersion: v1 +kind: Secret +metadata: + name: rest-sslcerts +type: kubernetes.io/tls +data: + ca.crt: 
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZDRENDQXZBQ0NRREFLVFdwRUFpSXhUQU5CZ2txaGtpRzl3MEJBUXNGQURCR01Rc3dDUVlEVlFRR0V3SkQKU0RFT01Bd0dBMVVFQ2d3RlJIVm1jbmt4RlRBVEJnTlZCQXNNREVsdWMybG5hSFJ6SUZCUFF6RVFNQTRHQTFVRQpBd3dIVW05dmRDQkRRVEFlRncweU1UQTBNVGt5TVRFMU5USmFGdzB5TkRBeU1EY3lNVEUxTlRKYU1FWXhDekFKCkJnTlZCQVlUQWtOSU1RNHdEQVlEVlFRS0RBVkVkV1p5ZVRFVk1CTUdBMVVFQ3d3TVNXNXphV2RvZEhNZ1VFOUQKTVJBd0RnWURWUVFEREFkU2IyOTBJRU5CTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQwpBZ0VBdXNsQ1pYalNtVlpRY0puQzFaR1hTWkdwanhHSjh0cnBpdUY2WTJIZ2FXa3RQc1AzdUUzR1Z6anZ0QUpuCno3MGNwYjRwT1pFSzN1M1crTnVRTHcrWGxEaTVYSHlEdVNjTEl5R3YxSjFZbWVTUlZBUTRqQ1hoQmlxTlFxeSsKMVlhQUpwbDJJbnNLMUZ3bFdpQzRab0h3ZnlCc1Y2NVBIOHZpQTJIY3JQQmFoTFNzY0JnWUo0a01wQkZqWGM2ZQpFeVpXRk82ZVlOLzNHYjhLbVQzVmhnQmREeGZybFhycEp3RGpBdVdXV2FaMWd4c05iZTRkMkJNWFJjakFHd1R6Ck9idEJxRUNycWJLTnR6S1ZMTmtDbzVWTzJTZElXbWk5eDlvRCtlcHB1UE92TW9ybk5kMzJiOEtXeFBMdWNQMVoKY2hocmN3R09XU1lFa2hOckxEaHBYK3RLVUZNNGQ2RUdkRXY0eUE0Z0l4NEpONE12QmE2b25NNUhVbVhHbXZyMApPa0JuYnNpL1prNzdjL2ptRGtMNTNuL2pHMVY1QlIza0xudDA0aDR4aHlpSzZJVE5tTlI1SE5TZGx6aEtUL3FkCm5lcUlZb0FWSVF2SEMvd1VBM0IrQjN1dXJodHI5YTZjTFl2eWE5V0JBTkpnUURMY1NYRGE2ekJsdmFQejdYdFIKT2FNS2tZNFU2RkNuMHI3YTEycjE1NENZV3dqeGtZTjRyN2VieHc5d2dWYTBHa1JGc01HVkVaL3ZDaUI0cTNMSAp2dEF1NG1SWUJiMXNyTVoxNWZVVG4wRFFuNVJMNjVGd1RwdDFCUmZpVUhoWHVOV1JEemRxeW9SY2loUDI1WVRXClBjeVc0QVpHRnN0VENaSG9LL3NTUzYrL0U3elZsdnQzWktycHlYaE5OSTNRRzNzQ0F3RUFBVEFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQWdFQWVPb1Z3QVhBa28rWERkUmVQb3V2TmRIUkdGTkVxNjdILzBGOXlDQ21zNWQ3aU1XMQpYNWRhMzd1a1llM1RDV01ZRlA2SjJIR0JkYkw4SVpwbnJvNHMySVBIMkV6MFZnYVk5NU42aUJrWkVkQ2xQc2hHCktjcmxFa2dlQ0E1Z0ErSUsyOHBsOU9YSnRmMlU0REdMMExBR0R1bjg3K3dQTHVEUlZrcDRTZEV6VllHUnh5NVkKMElpdW9ZaXB6cGoxQUo3RTlnM3Vsd0drV250Mk5wLzdwYU53QW1FRDNnL0lISWR5dzNmeVZiSEpnUGpzRnNSbgp1TEpnaHdLczk1V1A5MmZhZ0pZbnVvajZSVG80Ym82ejZ6MXdZdlF6eXp4VDFtcGdUaG0wRnlxU09leXVKK2YrCnRjdEpibmM2YWZNdGVsb0RLSkJmQVBORE43Y3VROGFnYWo3UmNxa0tLbmRPUE9xeFovRzZUeXFSMU1EUWc1bUIKbGJXVjdlam9CQVF3aG5vNnI4Zk5SZWpWVm1rRVo3RitCTEdTV0oyeFBH
d0djRUh1b0R2dEFqU29WbHJFTFNSVgpqT0tVTUZ3aVQ5ZzdXQXJsZGtYV1ladzduemZpZnZvM0toTGpZbU9XWktoems0KzhObnlhc2xJNWpDVGV2MHdCCkVCSjVYd2o4bWU4L3hLM011L1ZRanpJR081YkhUY1RmWE9DWmNkUVRRSTY1ZkE4eURpZFc3WlAyRG40eU1rNG0KcklqR3h1M3FqOWRheEtodnZDQU9oYnh5VFpmQ2JjaTFiV0VVNW9jaFR1N2NzQlg0TWxZbGhZcHppdHNmeW5keQpGYUw5V2pYOHVwNHk5MFB4T08zU0NsdDBsbHRmeS9OWEhDWlpqNTZjbUtwNkZjdGNsUG9pcHRUSVJxST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + csr.pem: 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 + jksPassword.txt: amtzUGFzc3dvcmQ9Y2hhbmdlaXQKCg== + keystore.jks: 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 + tls.crt: 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 + tls.key: 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 + truststore.jks: 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 +--- +apiVersion: v1 +kind: Secret +metadata: + name: zookeeper-generated-jks +type: kubernetes.io/tls +data: + ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZDRENDQXZBQ0NRREFLVFdwRUFpSXhUQU5CZ2txaGtpRzl3MEJBUXNGQURCR01Rc3dDUVlEVlFRR0V3SkQKU0RFT01Bd0dBMVVFQ2d3RlJIVm1jbmt4RlRBVEJnTlZCQXNNREVsdWMybG5hSFJ6SUZCUFF6RVFNQTRHQTFVRQpBd3dIVW05dmRDQkRRVEFlRncweU1UQTBNVGt5TVRFMU5USmFGdzB5TkRBeU1EY3lNVEUxTlRKYU1FWXhDekFKCkJnTlZCQVlUQWtOSU1RNHdEQVlEVlFRS0RBVkVkV1p5ZVRFVk1CTUdBMVVFQ3d3TVNXNXphV2RvZEhNZ1VFOUQKTVJBd0RnWURWUVFEREFkU2IyOTBJRU5CTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQwpBZ0VBdXNsQ1pYalNtVlpRY0puQzFaR1hTWkdwanhHSjh0cnBpdUY2WTJIZ2FXa3RQc1AzdUUzR1Z6anZ0QUpuCno3MGNwYjRwT1pFSzN1M1crTnVRTHcrWGxEaTVYSHlEdVNjTEl5R3YxSjFZbWVTUlZBUTRqQ1hoQmlxTlFxeSsKMVlhQUpwbDJJbnNLMUZ3bFdpQzRab0h3ZnlCc1Y2NVBIOHZpQTJIY3JQQmFoTFNzY0JnWUo0a01wQkZqWGM2ZQpFeVpXRk82ZVlOLzNHYjhLbVQzVmhnQmREeGZybFhycEp3RGpBdVdXV2FaMWd4c05iZTRkMkJNWFJjakFHd1R6Ck9idEJxRUNycWJLTnR6S1ZMTmtDbzVWTzJTZElXbWk5eDlvRCtlcHB1UE92TW9ybk5kMzJiOEtXeFBMdWNQMVoKY2hocmN3R09XU1lFa2hOckxEaHBYK3RLVUZNNGQ2RUdkRXY0eUE0Z0l4NEpONE12QmE2b25NNUhVbVhHbXZyMApPa0JuYnNpL1prNzdjL2ptRGtMNTNuL2pHMVY1QlIza0xudDA0aDR4aHlpSzZJVE5tTlI1SE5TZGx6aEtUL3FkCm5lcU
lZb0FWSVF2SEMvd1VBM0IrQjN1dXJodHI5YTZjTFl2eWE5V0JBTkpnUURMY1NYRGE2ekJsdmFQejdYdFIKT2FNS2tZNFU2RkNuMHI3YTEycjE1NENZV3dqeGtZTjRyN2VieHc5d2dWYTBHa1JGc01HVkVaL3ZDaUI0cTNMSAp2dEF1NG1SWUJiMXNyTVoxNWZVVG4wRFFuNVJMNjVGd1RwdDFCUmZpVUhoWHVOV1JEemRxeW9SY2loUDI1WVRXClBjeVc0QVpHRnN0VENaSG9LL3NTUzYrL0U3elZsdnQzWktycHlYaE5OSTNRRzNzQ0F3RUFBVEFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQWdFQWVPb1Z3QVhBa28rWERkUmVQb3V2TmRIUkdGTkVxNjdILzBGOXlDQ21zNWQ3aU1XMQpYNWRhMzd1a1llM1RDV01ZRlA2SjJIR0JkYkw4SVpwbnJvNHMySVBIMkV6MFZnYVk5NU42aUJrWkVkQ2xQc2hHCktjcmxFa2dlQ0E1Z0ErSUsyOHBsOU9YSnRmMlU0REdMMExBR0R1bjg3K3dQTHVEUlZrcDRTZEV6VllHUnh5NVkKMElpdW9ZaXB6cGoxQUo3RTlnM3Vsd0drV250Mk5wLzdwYU53QW1FRDNnL0lISWR5dzNmeVZiSEpnUGpzRnNSbgp1TEpnaHdLczk1V1A5MmZhZ0pZbnVvajZSVG80Ym82ejZ6MXdZdlF6eXp4VDFtcGdUaG0wRnlxU09leXVKK2YrCnRjdEpibmM2YWZNdGVsb0RLSkJmQVBORE43Y3VROGFnYWo3UmNxa0tLbmRPUE9xeFovRzZUeXFSMU1EUWc1bUIKbGJXVjdlam9CQVF3aG5vNnI4Zk5SZWpWVm1rRVo3RitCTEdTV0oyeFBHd0djRUh1b0R2dEFqU29WbHJFTFNSVgpqT0tVTUZ3aVQ5ZzdXQXJsZGtYV1ladzduemZpZnZvM0toTGpZbU9XWktoems0KzhObnlhc2xJNWpDVGV2MHdCCkVCSjVYd2o4bWU4L3hLM011L1ZRanpJR081YkhUY1RmWE9DWmNkUVRRSTY1ZkE4eURpZFc3WlAyRG40eU1rNG0KcklqR3h1M3FqOWRheEtodnZDQU9oYnh5VFpmQ2JjaTFiV0VVNW9jaFR1N2NzQlg0TWxZbGhZcHppdHNmeW5keQpGYUw5V2pYOHVwNHk5MFB4T08zU0NsdDBsbHRmeS9OWEhDWlpqNTZjbUtwNkZjdGNsUG9pcHRUSVJxST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + csr.pem: 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 + jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk + keystore.jks: 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 + tls.crt: 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 + tls.key: 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 + truststore.jks: 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 +--- \ No newline at end of file 
diff --git a/apps/base/kafka/control-centre.yaml b/kustomize/base/confluent/control-centre.yaml similarity index 97% rename from apps/base/kafka/control-centre.yaml rename to kustomize/base/confluent/control-centre.yaml index 6c5e561..019eebc 100644 --- a/apps/base/kafka/control-centre.yaml +++ b/kustomize/base/confluent/control-centre.yaml @@ -3,7 +3,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: ControlCenter metadata: name: controlcenter - namespace: confluent spec: replicas: 1 podTemplate: diff --git a/apps/base/kafka/kafka-connect.yaml b/kustomize/base/confluent/kafka-connect.yaml similarity index 98% rename from apps/base/kafka/kafka-connect.yaml rename to kustomize/base/confluent/kafka-connect.yaml index e43236b..4461f2a 100644 --- a/apps/base/kafka/kafka-connect.yaml +++ b/kustomize/base/confluent/kafka-connect.yaml @@ -3,7 +3,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: Connect metadata: name: connect - namespace: confluent spec: replicas: 1 image: diff --git a/kustomize/base/confluent/kafka.yaml b/kustomize/base/confluent/kafka.yaml new file mode 100644 index 0000000..013f0e5 --- /dev/null +++ b/kustomize/base/confluent/kafka.yaml 
@@ -0,0 +1,122 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: Kafka +metadata: + name: kafka +spec: + replicas: 3 + image: + application: confluentinc/cp-server-operator:6.1.1.0 + init: confluentinc/cp-init-container-operator:6.1.1.0 + dataVolumeCapacity: 40Gi + tls: + autoGeneratedCerts: true + listeners: + # internal listener is used to access the Kafka cluster from the same Kubernetes cluster, + # i.e. in the svc.cluster.local + internal: + authentication: + type: plain + jaasConfig: + secretRef: credential + tls: + enabled: true + # external listener exposes the Kafka bootstrap and brokers as LB endpoints + external: + authentication: + type: plain + jaasConfig: + secretRef: credential + tls: + enabled: true + authorization: + type: rbac + superUsers: + - User:kafka + services: + mds: + tls: + enabled: true + tokenKeyPair: + secretRef: mds-token + provider: + type: ldap + ldap: + address: ldap://ldap.tools.svc.cluster.local:389 + authentication: + type: simple + simple: + secretRef: credential + configurations: + groupNameAttribute: cn + groupObjectClass: group + groupMemberAttribute: member + groupMemberAttributePattern: CN=(.*),DC=test,DC=com + groupSearchBase: dc=test,dc=com + userNameAttribute: cn + userMemberOfAttributePattern: CN=(.*),DC=test,DC=com + userObjectClass: organizationalRole + userSearchBase: dc=test,dc=com + configOverrides: + server: + # the LDAP lookup is set by default to ONE_LEVEL + - ldap.user.search.scope=2 + - ldap.search.mode=GROUPS + + # Overwrite the default settings on the INTERNAL listener + - listener.name.internal.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER + - listener.name.internal.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required; + - listener.name.internal.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler + - 
listener.name.internal.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/mds-token/mdsPublicKey.pem"; + - listener.name.internal.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler + - listener.name.internal.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler + + # Overwrite the default settings on the EXTERNAL listener + - listener.name.external.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER + - listener.name.external.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required; + - listener.name.external.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler + - listener.name.external.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/mds-token/mdsPublicKey.pem"; + - listener.name.external.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler + - listener.name.external.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler + + # Overwrite the default settings on the REPLICATION listener + - listener.name.replication.sasl.enabled.mechanisms=PLAIN + - listener.name.replication.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="${file:/mnt/secrets/credential/plain.txt:username}" password="${file:/mnt/secrets/credential/plain.txt:password}"; + - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler + + # log4j: + # - log4j.logger.io.confluent.security.auth.provider.ldap.LdapGroupManager=DEBUG + 
dependencies: + kafkaRest: + authentication: + type: bearer + bearer: + secretRef: mds-client + zookeeper: + endpoint: zookeeper.confluent.svc.cluster.local:2182 + authentication: + type: digest + jaasConfig: + secretRef: credential + tls: + enabled: true + metricReporter: + enabled: true + bootstrapEndpoint: kafka.confluent.svc.cluster.local:9071 + authentication: + type: plain + jaasConfig: + secretRef: credential + tls: + enabled: true +--- +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaRestClass +metadata: + name: default +spec: + kafkaRest: + authentication: + type: bearer + bearer: + secretRef: rest-credential \ No newline at end of file diff --git a/apps/base/kafka/ksqldb.yaml b/kustomize/base/confluent/ksqldb.yaml similarity index 97% rename from apps/base/kafka/ksqldb.yaml rename to kustomize/base/confluent/ksqldb.yaml index 3d7708e..4b8cf30 100644 --- a/apps/base/kafka/ksqldb.yaml +++ b/kustomize/base/confluent/ksqldb.yaml @@ -3,7 +3,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: KsqlDB metadata: name: ksqldb - namespace: confluent spec: replicas: 1 image: diff --git a/kustomize/base/confluent/kustomization.yaml b/kustomize/base/confluent/kustomization.yaml new file mode 100644 index 0000000..58aea4c --- /dev/null +++ b/kustomize/base/confluent/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - certificates.yaml + - zookeeper.yaml + - kafka.yaml + - kafka-connect.yaml + - schema-registry.yaml + - control-centre.yaml + - rest-proxy.yaml + - ksqldb.yaml \ No newline at end of file diff --git a/apps/base/kafka/rest-proxy.yaml b/kustomize/base/confluent/rest-proxy.yaml similarity index 91% rename from apps/base/kafka/rest-proxy.yaml rename to kustomize/base/confluent/rest-proxy.yaml index 03132f5..2ac0205 100644 --- a/apps/base/kafka/rest-proxy.yaml +++ b/kustomize/base/confluent/rest-proxy.yaml 
@@ -8,7 +8,6 @@ metadata: labels: type: rest name: rest - namespace: confluent spec: podManagementPolicy: Parallel replicas: 1 @@ -44,28 +43,19 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - - name: KAFKA_REST_CONFIG_PROVIDERS value: file - name: KAFKA_REST_CONFIG_PROVIDERS_FILE_CLASS value: org.apache.kafka.common.config.provider.FileConfigProvider - # duplicated for the proper generation of /etc/kafka-rest/admin.properties - name: KAFKA_REST_CLIENT_CONFIG_PROVIDERS value: file - name: KAFKA_REST_CLIENT_CONFIG_PROVIDERS_FILE_CLASS value: org.apache.kafka.common.config.provider.FileConfigProvider - - name: KAFKA_REST_BOOTSTRAP_SERVERS value: kafka.confluent.svc.cluster.local:9071 - name: KAFKA_REST_CLIENT_SECURITY_PROTOCOL value: SASL_SSL - # - name: KAFKA_REST_CLIENT_SASL_MECHANISM - # value: OAUTHBEARER - # - name: KAFKA_REST_CLIENT_SASL_JAAS_CONFIG - # value: org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required metadataServerUrls="https://kafka.confluent.svc.cluster.local:8090" username="${file:/mnt/secrets/rest/bearer.txt:username}" password="${file:/mnt/secrets/rest/bearer.txt:password}"; - # - name: KAFKA_REST_CLIENT_SASL_LOGIN_CALLBACK_HANDLER_CLASS - # value: io.confluent.kafka.clients.plugins.auth.token.TokenUserLoginCallbackHandler - name: KAFKA_REST_CLIENT_SASL_MECHANISM value: PLAIN - name: KAFKA_REST_CLIENT_SASL_JAAS_CONFIG @@ -80,7 +70,6 @@ spec: value: /mnt/sslcerts/truststore.jks - name: KAFKA_REST_CLIENT_SSL_TRUSTSTORE_PASSWORD value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_LISTENERS value: https://0.0.0.0:8080,http://localhost:9080 - name: KAFKA_REST_SSL_ENABLED_PROTOCOLS 
@@ -95,7 +84,6 @@ spec: value: /mnt/sslcerts/truststore.jks - name: KAFKA_REST_SSL_TRUSTSTORE_PASSWORD value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_SCHEMA_REGISTRY_URL value: https://registry.confluent.svc.cluster.local:8081 - name: KAFKA_REST_SCHEMA_REGISTRY_HTTPS_SSL_KEY_PASSWORD @@ -108,18 +96,14 @@ spec: value: /mnt/sslcerts/truststore.jks - name: KAFKA_REST_SCHEMA_REGISTRY_HTTPS_SSL_TRUSTSTORE_PASSWORD value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_CONFLUENT_REST_AUTH_PROPAGATE_METHOD value: JETTY_AUTH - - name: KAFKA_REST_KAFKA_REST_RESOURCE_EXTENSION_CLASS value: io.confluent.kafkarest.security.KafkaRestSecurityResourceExtension - name: KAFKA_REST_REST_SERVLET_INITIALIZOR_CLASSES value: io.confluent.common.security.jetty.initializer.InstallBearerOrBasicSecurityHandler - - name: KAFKA_REST_PUBLIC_KEY_PATH value: /mnt/secrets/rest/mdsPublicKey.pem - - name: KAFKA_REST_CONFLUENT_METADATA_BOOTSTRAP_SERVER_URLS value: https://kafka.confluent.svc.cluster.local:8090 - name: KAFKA_REST_CONFLUENT_METADATA_HTTP_AUTH_CREDENTIALS_PROVIDER @@ -130,7 +114,6 @@ spec: value: /mnt/sslcerts/truststore.jks - name: KAFKA_REST_CONFLUENT_METADATA_SSL_TRUSTSTORE_PASSWORD value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - startupProbe: exec: command: @@ -141,7 +124,6 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 - livenessProbe: exec: command: @@ -152,7 +134,6 @@ spec: periodSeconds: 30 successThreshold: 1 timeoutSeconds: 5 - ports: - containerPort: 8080 name: external @@ -175,10 +156,8 @@ spec: name: sslcerts - mountPath: /mnt/secrets/rest name: credentials - dnsPolicy: ClusterFirst restartPolicy: Always - volumes: - name: sslcerts secret: @@ -187,8 +166,7 @@ spec: - name: credentials secret: defaultMode: 420 - secretName: rest - + secretName: credential updateStrategy: type: RollingUpdate --- 
@@ -198,7 +176,6 @@ metadata: labels: type: rest name: rest - namespace: confluent spec: clusterIP: None ports: diff --git a/apps/base/kafka/schema-registry.yaml b/kustomize/base/confluent/schema-registry.yaml similarity index 76% rename from apps/base/kafka/schema-registry.yaml rename to kustomize/base/confluent/schema-registry.yaml index 3047bbf..89f7ab2 100644 --- a/apps/base/kafka/schema-registry.yaml +++ b/kustomize/base/confluent/schema-registry.yaml @@ -3,7 +3,6 @@ apiVersion: platform.confluent.io/v1beta1 kind: SchemaRegistry metadata: name: registry - namespace: confluent spec: replicas: 1 image: @@ -23,20 +22,20 @@ spec: tls: enabled: true mds: + endpoint: https://kafka.confluent.svc.cluster.local:8090 + tokenKeyPair: + secretRef: mds-token authentication: type: bearer bearer: secretRef: sr-mds-client - endpoint: https://kafka.confluent.svc.cluster.local:8090 tls: enabled: true - tokenKeyPair: - secretRef: mds-token - configOverrides: - server: - - leader.eligibility=true - - inter.instance.protocol=https - # operator changes the defaults - - schema.registry.group.id=schema-registry - - kafkastore.topic=_schemas +# configOverrides: +# server: +# - leader.eligibility=true +# - inter.instance.protocol=https +# # operator changes the defaults +# - schema.registry.group.id=schema-registry +# - kafkastore.topic=_schemas --- \ No newline at end of file diff --git a/kustomize/base/confluent/zookeeper.yaml b/kustomize/base/confluent/zookeeper.yaml new file mode 100644 index 0000000..fbe052f --- /dev/null +++ b/kustomize/base/confluent/zookeeper.yaml 
@@ -0,0 +1,18 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: Zookeeper +metadata: + name: zookeeper +spec: + replicas: 3 + image: + application: confluentinc/cp-zookeeper-operator:6.1.1.0 + init: confluentinc/cp-init-container-operator:6.1.1.0 + dataVolumeCapacity: 10Gi + logVolumeCapacity: 10Gi + authentication: + type: digest + jaasConfig: + secretRef: credential + tls: + autoGeneratedCerts: true \ No newline at end of file diff --git a/apps/base/kustomization.yaml b/kustomize/base/kustomization.yaml similarity index 77% rename from apps/base/kustomization.yaml rename to kustomize/base/kustomization.yaml index c449752..f984546 100644 --- a/apps/base/kustomization.yaml +++ b/kustomize/base/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - secrets + - confluent - rolebindings - - kafka diff --git a/kustomize/base/rolebindings/connect/connect-base.yaml b/kustomize/base/rolebindings/connect/connect-base.yaml new file mode 100644 index 0000000..0dfc382 --- /dev/null +++ b/kustomize/base/rolebindings/connect/connect-base.yaml 
@@ -0,0 +1,44 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: connect-cluster-base +spec: + clustersScopeByIds: + connectClusterId: confluent.connect + principal: + name: connect + type: user + role: SecurityAdmin +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: connect-resources-base +spec: + principal: + name: connect + type: user + resourcePatterns: + - name: confluent.connect + patternType: LITERAL + resourceType: Group + - name: confluent.connect- + patternType: PREFIXED + resourceType: Topic + role: ResourceOwner +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: connect-monitoring-base +spec: + principal: + name: connect + type: user + resourcePatterns: + - name: _confluent-monitoring + patternType: PREFIXED + resourceType: Topic + role: DeveloperWrite + + diff --git a/kustomize/base/rolebindings/connect/connect-groups.yaml b/kustomize/base/rolebindings/connect/connect-groups.yaml new file mode 100644 index 0000000..c62b7b5 --- /dev/null +++ b/kustomize/base/rolebindings/connect/connect-groups.yaml @@ -0,0 +1,16 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: connect-groups +spec: + principal: + name: connect + type: user + resourcePatterns: + - name: connect-cluster + patternType: LITERAL + resourceType: Group + - name: connect-secrets + patternType: LITERAL + resourceType: Group + role: ResourceOwner diff --git a/kustomize/base/rolebindings/connect/connect-topics.yaml b/kustomize/base/rolebindings/connect/connect-topics.yaml new file mode 100644 index 0000000..316544e --- /dev/null +++ b/kustomize/base/rolebindings/connect/connect-topics.yaml 
@@ -0,0 +1,25 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: connect-topics +spec: + principal: + name: connect + type: user + resourcePatterns: + - name: _confluent-connect-secrets + patternType: LITERAL + resourceType: Topic + - name: _confluent-connect-status + patternType: LITERAL + resourceType: Topic + - name: _confluent-connect-offsets + patternType: LITERAL + resourceType: Topic + - name: _confluent-connect-configs + patternType: LITERAL + resourceType: Topic + - name: confluent.connect- + patternType: PREFIXED + resourceType: Topic + role: ResourceOwner diff --git a/kustomize/base/rolebindings/connect/kustomization.yaml b/kustomize/base/rolebindings/connect/kustomization.yaml new file mode 100644 index 0000000..6275c8d --- /dev/null +++ b/kustomize/base/rolebindings/connect/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: confluent +resources: + - connect-base.yaml + - connect-groups.yaml + - connect-topics.yaml diff --git a/kustomize/base/rolebindings/controlcenter/controlcentre-base.yaml b/kustomize/base/rolebindings/controlcenter/controlcentre-base.yaml new file mode 100644 index 0000000..64a4063 --- /dev/null +++ b/kustomize/base/rolebindings/controlcenter/controlcentre-base.yaml @@ -0,0 +1,9 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: control-centre-base +spec: + principal: + name: ccc + type: user + role: SystemAdmin diff --git a/kustomize/base/rolebindings/controlcenter/controlcentre-clusters.yaml b/kustomize/base/rolebindings/controlcenter/controlcentre-clusters.yaml new file mode 100644 index 0000000..600571f --- /dev/null +++ b/kustomize/base/rolebindings/controlcenter/controlcentre-clusters.yaml 
@@ -0,0 +1,35 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: control-centre-cluster-registry +spec: + clustersScopeByIds: + schemaRegistryClusterId: schema-registry + principal: + name: ccc + type: user + role: SystemAdmin +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: control-centre-cluster-connect +spec: + clustersScopeByIds: + connectClusterId: confluent.connect + principal: + name: ccc + type: user + role: SystemAdmin +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: control-centre-cluster-ksqldb +spec: + clustersScopeByIds: + ksqlClusterId: ksqldb-cluster + principal: + name: ccc + type: user + role: SystemAdmin diff --git a/kustomize/base/rolebindings/controlcenter/kustomization.yaml b/kustomize/base/rolebindings/controlcenter/kustomization.yaml new file mode 100644 index 0000000..5b6c76f --- /dev/null +++ b/kustomize/base/rolebindings/controlcenter/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: confluent +resources: + - controlcentre-base.yaml + - controlcentre-clusters.yaml \ No newline at end of file diff --git a/kustomize/base/rolebindings/ksqldb/ksqldb-base.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-base.yaml new file mode 100644 index 0000000..bc777a6 --- /dev/null +++ b/kustomize/base/rolebindings/ksqldb/ksqldb-base.yaml 
@@ -0,0 +1,29 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: ksqldb-cluster-base +spec: + clustersScopeByIds: + ksqlClusterId: confluent.ksqldb_ + principal: + name: ksql + type: user + resourcePatterns: + - name: ksql-cluster + patternType: LITERAL + resourceType: KsqlCluster + role: ResourceOwner +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: ksqldb-cluster-resources-base +spec: + principal: + name: ksql + type: user + resourcePatterns: + - name: _confluent-ksql-confluent.ksqldb_ + patternType: PREFIXED + resourceType: Topic + role: ResourceOwner diff --git a/kustomize/base/rolebindings/ksqldb/ksqldb-cluster.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-cluster.yaml new file mode 100644 index 0000000..ce34f3f --- /dev/null +++ b/kustomize/base/rolebindings/ksqldb/ksqldb-cluster.yaml @@ -0,0 +1,14 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: ksqldb-cluster +spec: + clustersScopeByIds: + kafkaClusterId: qrGPK1LPTaa1s9d5D4V1rw + principal: + name: ksql + type: user + resourcePatterns: + - name: kafka-cluster + resourceType: Cluster + role: DeveloperWrite \ No newline at end of file diff --git a/kustomize/base/rolebindings/ksqldb/ksqldb-groups.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-groups.yaml new file mode 100644 index 0000000..04083cd --- /dev/null +++ b/kustomize/base/rolebindings/ksqldb/ksqldb-groups.yaml @@ -0,0 +1,13 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: ksqldb-cluster-groups +spec: + principal: + name: ksql + type: user + resourcePatterns: + - name: _confluent-ksql-ksqldb-cluster + patternType: PREFIXED + resourceType: Group + role: ResourceOwner diff --git a/kustomize/base/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml new file mode 100644 index 0000000..63e70dc --- /dev/null 
+++ b/kustomize/base/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml @@ -0,0 +1,16 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: ksqldb-cluster-ksqlcluster +spec: + clustersScopeByIds: + ksqlClusterId: confluent.ksqldb_ + principal: + name: ksql + type: user + resourcePatterns: + - name: ksql-cluster + patternType: LITERAL + resourceType: KsqlCluster + role: ResourceOwner +--- diff --git a/kustomize/base/rolebindings/ksqldb/ksqldb-topics.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-topics.yaml new file mode 100644 index 0000000..0ba6994 --- /dev/null +++ b/kustomize/base/rolebindings/ksqldb/ksqldb-topics.yaml @@ -0,0 +1,19 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: ksqldb-cluster-topics +spec: + principal: + name: ksql + type: user + resourcePatterns: + - name: _confluent-ksql-confluent.ksqldb_ + patternType: PREFIXED + resourceType: Topic + - name: _confluent-ksql-ksqldb-cluster_command_topic + patternType: PREFIXED + resourceType: Topic + - name: ksqldb-clusterksql_processing_log + patternType: PREFIXED + resourceType: Topic + role: ResourceOwner diff --git a/kustomize/base/rolebindings/ksqldb/ksqldb-transaction.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-transaction.yaml new file mode 100644 index 0000000..0e7910b --- /dev/null +++ b/kustomize/base/rolebindings/ksqldb/ksqldb-transaction.yaml @@ -0,0 +1,13 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: ksqldb-cluster-transaction +spec: + principal: + name: ksql + type: user + resourcePatterns: + - name: ksqldb-cluster + patternType: PREFIXED + resourceType: TransactionalId + role: ResourceOwner diff --git a/kustomize/base/rolebindings/ksqldb/kustomization.yaml b/kustomize/base/rolebindings/ksqldb/kustomization.yaml new file mode 100644 index 0000000..3d026df --- /dev/null +++ b/kustomize/base/rolebindings/ksqldb/kustomization.yaml 
@@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: confluent +resources: + - ksqldb-base.yaml + - ksqldb-cluster.yaml + - ksqldb-groups.yaml + - ksqldb-ksqlcluster.yaml + - ksqldb-topics.yaml + - ksqldb-transaction.yaml \ No newline at end of file diff --git a/kustomize/base/rolebindings/kustomization.yaml b/kustomize/base/rolebindings/kustomization.yaml new file mode 100644 index 0000000..c00c807 --- /dev/null +++ b/kustomize/base/rolebindings/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: confluent +resources: + - ldap + - controlcenter + - connect + - ksqldb + - schemaregistry \ No newline at end of file diff --git a/apps/base/rolebindings/ldap/kustomization.yaml b/kustomize/base/rolebindings/ldap/groups/kustomization.yaml similarity index 82% rename from apps/base/rolebindings/ldap/kustomization.yaml rename to kustomize/base/rolebindings/ldap/groups/kustomization.yaml index f46f4bd..3ced4b9 100644 --- a/apps/base/rolebindings/ldap/kustomization.yaml +++ b/kustomize/base/rolebindings/ldap/groups/kustomization.yaml @@ -2,5 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: confluent resources: - - groups - - users \ No newline at end of file + - ldap-groups.yaml \ No newline at end of file diff --git a/kustomize/base/rolebindings/ldap/groups/ldap-groups.yaml b/kustomize/base/rolebindings/ldap/groups/ldap-groups.yaml new file mode 100644 index 0000000..755ce6e --- /dev/null +++ b/kustomize/base/rolebindings/ldap/groups/ldap-groups.yaml 
@@ -0,0 +1,77 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: admin-groups-kafka-cluster-connect +spec: + clustersScopeByIds: + connectClusterId: confluent.connect + principal: + name: admins + type: group + resourcePatterns: + - name: "*" + resourceType: Connector + role: ResourceOwner +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: admin-groups-kafka-cluster-sr +spec: + clustersScopeByIds: + schemaRegistryClusterId: schema-registry + principal: + name: admins + type: group + role: SystemAdmin +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: admin-groups-kafka-cluster-ksql +spec: + clustersScopeByIds: + ksqlClusterId: ksqldb-cluster + principal: + name: admins + type: group + role: SystemAdmin +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: admin-group-topics +spec: + principal: + name: admins + type: group + resourcePatterns: + - name: "*" + resourceType: Topic + role: ResourceOwner +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: admin-group-groups +spec: + principal: + name: admins + type: group + resourcePatterns: + - name: "*" + resourceType: Group + role: ResourceOwner +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: admin-group-transactionalid +spec: + principal: + name: admins + type: group + resourcePatterns: + - name: "*" + resourceType: TransactionalId + role: ResourceOwner \ No newline at end of file diff --git a/kustomize/base/rolebindings/ldap/kustomization.yaml b/kustomize/base/rolebindings/ldap/kustomization.yaml new file mode 100644 index 0000000..c860fd8 --- /dev/null +++ b/kustomize/base/rolebindings/ldap/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - groups + - users \ No newline at end of file 
diff --git a/infrastructure/confluent/kustomization.yaml b/kustomize/base/rolebindings/ldap/users/kustomization.yaml similarity index 67% rename from infrastructure/confluent/kustomization.yaml rename to kustomize/base/rolebindings/ldap/users/kustomization.yaml index 86734a3..63f5568 100644 --- a/infrastructure/confluent/kustomization.yaml +++ b/kustomize/base/rolebindings/ldap/users/kustomization.yaml @@ -2,5 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: confluent resources: - - namespace.yaml - - confluent-operator.yaml \ No newline at end of file + - ldap-users.yaml \ No newline at end of file diff --git a/kustomize/base/rolebindings/ldap/users/ldap-users.yaml b/kustomize/base/rolebindings/ldap/users/ldap-users.yaml new file mode 100644 index 0000000..e69de29 diff --git a/kustomize/base/rolebindings/schemaregistry/kustomization.yaml b/kustomize/base/rolebindings/schemaregistry/kustomization.yaml new file mode 100644 index 0000000..9e63810 --- /dev/null +++ b/kustomize/base/rolebindings/schemaregistry/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: confluent +resources: + - schemaregistry-base.yaml + - schemaregistry-groups.yaml + - schemaregistry-topics.yaml \ No newline at end of file diff --git a/kustomize/base/rolebindings/schemaregistry/schemaregistry-base.yaml b/kustomize/base/rolebindings/schemaregistry/schemaregistry-base.yaml new file mode 100644 index 0000000..3a9eea6 --- /dev/null +++ b/kustomize/base/rolebindings/schemaregistry/schemaregistry-base.yaml 
@@ -0,0 +1,33 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: registry-base + namespace: confluent +spec: + clustersScopeByIds: + schemaRegistryClusterId: id_registry_confluent + principal: + name: registry + type: user + role: SecurityAdmin +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: registry-mds-client-resources-base + namespace: confluent +spec: + principal: + name: registry + type: user + resourcePatterns: + - name: _confluent-license + patternType: LITERAL + resourceType: Topic + - name: _schemas_schemaregistry_confluent + patternType: LITERAL + resourceType: Topic + - name: id_schemaregistry_confluent + patternType: LITERAL + resourceType: Group + role: ResourceOwner \ No newline at end of file diff --git a/kustomize/base/rolebindings/schemaregistry/schemaregistry-groups.yaml b/kustomize/base/rolebindings/schemaregistry/schemaregistry-groups.yaml new file mode 100644 index 0000000..1696c23 --- /dev/null +++ b/kustomize/base/rolebindings/schemaregistry/schemaregistry-groups.yaml @@ -0,0 +1,17 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: registry-groups + namespace: confluent +spec: + principal: + name: registry + type: user + resourcePatterns: + - name: id_schemaregistry_confluent + patternType: LITERAL + resourceType: Group + - name: schema-registry + patternType: LITERAL + resourceType: Group + role: ResourceOwner \ No newline at end of file diff --git a/kustomize/base/rolebindings/schemaregistry/schemaregistry-topics.yaml b/kustomize/base/rolebindings/schemaregistry/schemaregistry-topics.yaml new file mode 100644 index 0000000..ab7d24b --- /dev/null +++ b/kustomize/base/rolebindings/schemaregistry/schemaregistry-topics.yaml 
@@ -0,0 +1,14 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: ConfluentRolebinding +metadata: + name: registry-topics + namespace: confluent +spec: + principal: + name: registry + type: user + resourcePatterns: + - name: _schemas + patternType: LITERAL + resourceType: Topic + role: ResourceOwner \ No newline at end of file diff --git a/kustomize/base/secrets/c3-mds-client.yaml b/kustomize/base/secrets/c3-mds-client.yaml new file mode 100644 index 0000000..3d6d429 --- /dev/null +++ b/kustomize/base/secrets/c3-mds-client.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + bearer.txt: dXNlcm5hbWU9YzMKcGFzc3dvcmQ9YzMtc2VjcmV0Cg== +kind: Secret +metadata: + creationTimestamp: null + name: c3-mds-client diff --git a/kustomize/base/secrets/connect-mds-client.yaml b/kustomize/base/secrets/connect-mds-client.yaml new file mode 100644 index 0000000..3adbc0b --- /dev/null +++ b/kustomize/base/secrets/connect-mds-client.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + bearer.txt: dXNlcm5hbWU9Y29ubmVjdApwYXNzd29yZD1jb25uZWN0LXNlY3JldAo= +kind: Secret +metadata: + creationTimestamp: null + name: connect-mds-client diff --git a/kustomize/base/secrets/credential.yaml b/kustomize/base/secrets/credential.yaml new file mode 100644 index 0000000..053a4d6 --- /dev/null +++ b/kustomize/base/secrets/credential.yaml 
@@ -0,0 +1,14 @@ +apiVersion: v1 +data: + basic.txt: YzM6IGMzLXNlY3JldCxBZG1pbmlzdHJhdG9ycwphZG1pbjogRGV2ZWxvcGVyMSxBZG1pbmlzdHJhdG9ycwphZG1pbjE6IERldmVsb3BlcjEsQWRtaW5pc3RyYXRvcnMK + digest-users.json: ewogICJrYWZrYSI6ICJrYWZrYS1zZWNyZXQiCn0K + digest.txt: dXNlcm5hbWU9ImthZmthIgpwYXNzd29yZD0ia2Fma2Etc2VjcmV0Ig== + ldap.txt: dXNlcm5hbWU9Y249bWRzLGRjPXRlc3QsZGM9Y29tCnBhc3N3b3JkPURldmVsb3BlciEK + mdsPublicKey.pem: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF3TXlqblA0cWZkVEtoQ1M1c1BiVgpxaVhWeVExNXdyZVZBc0VxRXNuTUZ0Mkp0TUwxM0VMT1Eyc3pXbjU3V3p1NzgyYnlFdFlGbEYzVG9WVzNjbDRkCk9KUnphU0VRNnhlMTBSL2k3VG5lSXRFUWZwSnIvMkw0YnVidVFSR05lL0tyTE1FMGl2cjl1NElFYmJSUytsdHUKNkE5Z2d6R2NhRFN4Vi9leUtNTlBhZEhRL0FONEJaaWpBZUtaY0RUano2YkhqSjZFUTNZTmdxeW44NDZyZVFrOQpUb0habDhiR0hPaHo1Qzd5b0lmc3haZ1lIbG54NkpHc2lVWjVQMzZXR2MzOFpJQi9tNDVvOGN2NGlmVVZQVUIwCklRUTlBaFlJNVp1TXJ4RHNSUERYMkdHNkU1YlcydnFEV3lxWE9ZN2NTb0k3QWlrRmR3QVRXNFJ2N2V1RUpVeXoKTndJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t + mdsTokenKeyPair.pem: 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 + plain-users.json: ewogICJrYWZrYV9jbGllbnQiOiAia2Fma2FfY2xpZW50LXNlY3JldCIsCiAgImMzIjogImMzLXNlY3JldCIsCiAgImthZmthIjogImthZmthLXNlY3JldCIKfQ== + plain.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== +kind: Secret +metadata: + creationTimestamp: null + name: credential diff --git a/kustomize/base/secrets/ksqldb-mds-client.yaml b/kustomize/base/secrets/ksqldb-mds-client.yaml new file mode 100644 index 0000000..6a053fc --- /dev/null +++ b/kustomize/base/secrets/ksqldb-mds-client.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + bearer.txt: dXNlcm5hbWU9a3NxbApwYXNzd29yZD1rc3FsLXNlY3JldAo= +kind: Secret +metadata: + creationTimestamp: null + name: ksqldb-mds-client diff --git a/kustomize/base/secrets/kustomization.yaml b/kustomize/base/secrets/kustomization.yaml new file mode 100644 index 0000000..5471250 --- /dev/null +++ b/kustomize/base/secrets/kustomization.yaml 
@@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - c3-mds-client.yaml + - connect-mds-client.yaml + - credential.yaml + - ksqldb-mds-client.yaml + - mds-client.yaml + - mds-token.yaml + - rest-credential.yaml + - sr-mds-client.yaml \ No newline at end of file diff --git a/kustomize/base/secrets/mds-client.yaml b/kustomize/base/secrets/mds-client.yaml new file mode 100644 index 0000000..24de26d --- /dev/null +++ b/kustomize/base/secrets/mds-client.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + bearer.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== +kind: Secret +metadata: + creationTimestamp: null + name: mds-client diff --git a/kustomize/base/secrets/mds-token.yaml b/kustomize/base/secrets/mds-token.yaml new file mode 100644 index 0000000..ae87e43 --- /dev/null +++ b/kustomize/base/secrets/mds-token.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + mdsPublicKey.pem: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF3TXlqblA0cWZkVEtoQ1M1c1BiVgpxaVhWeVExNXdyZVZBc0VxRXNuTUZ0Mkp0TUwxM0VMT1Eyc3pXbjU3V3p1NzgyYnlFdFlGbEYzVG9WVzNjbDRkCk9KUnphU0VRNnhlMTBSL2k3VG5lSXRFUWZwSnIvMkw0YnVidVFSR05lL0tyTE1FMGl2cjl1NElFYmJSUytsdHUKNkE5Z2d6R2NhRFN4Vi9leUtNTlBhZEhRL0FONEJaaWpBZUtaY0RUano2YkhqSjZFUTNZTmdxeW44NDZyZVFrOQpUb0habDhiR0hPaHo1Qzd5b0lmc3haZ1lIbG54NkpHc2lVWjVQMzZXR2MzOFpJQi9tNDVvOGN2NGlmVVZQVUIwCklRUTlBaFlJNVp1TXJ4RHNSUERYMkdHNkU1YlcydnFEV3lxWE9ZN2NTb0k3QWlrRmR3QVRXNFJ2N2V1RUpVeXoKTndJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t + mdsTokenKeyPair.pem: 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 +kind: Secret +metadata: + creationTimestamp: null + name: mds-token diff --git a/kustomize/base/secrets/rest-credential.yaml b/kustomize/base/secrets/rest-credential.yaml new file mode 100644 index 0000000..f7901ac --- /dev/null +++ b/kustomize/base/secrets/rest-credential.yaml 
@@ -0,0 +1,9 @@ +apiVersion: v1 +data: + basic.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== + bearer.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== + plain.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== +kind: Secret +metadata: + creationTimestamp: null + name: rest-credential diff --git a/kustomize/base/secrets/sr-mds-client.yaml b/kustomize/base/secrets/sr-mds-client.yaml new file mode 100644 index 0000000..fb57182 --- /dev/null +++ b/kustomize/base/secrets/sr-mds-client.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + bearer.txt: dXNlcm5hbWU9c3IKcGFzc3dvcmQ9c3Itc2VjcmV0Cg== +kind: Secret +metadata: + creationTimestamp: null + name: sr-mds-client diff --git a/kustomize/base/topics/foobar.yaml b/kustomize/base/topics/foobar.yaml new file mode 100644 index 0000000..b1a752d --- /dev/null +++ b/kustomize/base/topics/foobar.yaml @@ -0,0 +1,7 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaTopic +metadata: + name: foobar +spec: + replicas: 1 + partitionCount: 12 diff --git a/kustomize/base/topics/topic2.yaml b/kustomize/base/topics/topic2.yaml new file mode 100644 index 0000000..782dd6d --- /dev/null +++ b/kustomize/base/topics/topic2.yaml @@ -0,0 +1,7 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaTopic +metadata: + name: topic-rbac +spec: + replicas: 1 + partitionCount: 12 \ No newline at end of file diff --git a/kustomize/environments/dev/control-centre.yaml b/kustomize/environments/dev/control-centre.yaml new file mode 100644 index 0000000..0fbd39b --- /dev/null +++ b/kustomize/environments/dev/control-centre.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ControlCenter +metadata: + name: controlcenter +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.dev.svc.cluster.local:9071 + mds: + endpoint: https://kafka.dev.svc.cluster.local:8090 \ No newline at end of file 
diff --git a/kustomize/environments/dev/kafka-connect.yaml b/kustomize/environments/dev/kafka-connect.yaml new file mode 100644 index 0000000..ed69f20 --- /dev/null +++ b/kustomize/environments/dev/kafka-connect.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: Connect +metadata: + name: connect +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.dev.svc.cluster.local:9071 + mds: + endpoint: https://kafka.dev.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/dev/kafka.yaml b/kustomize/environments/dev/kafka.yaml new file mode 100644 index 0000000..5179afb --- /dev/null +++ b/kustomize/environments/dev/kafka.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: Kafka +metadata: + name: kafka +spec: + dependencies: + zookeeper: + endpoint: zookeeper.dev.svc.cluster.local:2182 + metricReporter: + bootstrapEndpoint: kafka.dev.svc.cluster.local:9071 diff --git a/kustomize/environments/dev/ksqldb.yaml b/kustomize/environments/dev/ksqldb.yaml new file mode 100644 index 0000000..87ed05d --- /dev/null +++ b/kustomize/environments/dev/ksqldb.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: KsqlDB +metadata: + name: ksqldb +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.dev.svc.cluster.local:9071 + mds: + endpoint: https://kafka.dev.svc.cluster.local:8090 diff --git a/kustomize/environments/dev/kustomization.yaml b/kustomize/environments/dev/kustomization.yaml new file mode 100644 index 0000000..21fdde4 --- /dev/null +++ b/kustomize/environments/dev/kustomization.yaml @@ -0,0 +1,10 @@ +namespace: dev +resources: +- namespace.yaml +- ../../base +patchesStrategicMerge: + - control-centre.yaml + - kafka.yaml + - kafka-connect.yaml + - ksqldb.yaml + - schema-registry.yaml \ No newline at end of file 
diff --git a/infrastructure/tools/namespace.yaml b/kustomize/environments/dev/namespace.yaml similarity index 75% rename from infrastructure/tools/namespace.yaml rename to kustomize/environments/dev/namespace.yaml index 11152f6..e3472ba 100644 --- a/infrastructure/tools/namespace.yaml +++ b/kustomize/environments/dev/namespace.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: tools \ No newline at end of file + name: dev \ No newline at end of file diff --git a/kustomize/environments/dev/schema-registry.yaml b/kustomize/environments/dev/schema-registry.yaml new file mode 100644 index 0000000..38942b2 --- /dev/null +++ b/kustomize/environments/dev/schema-registry.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: SchemaRegistry +metadata: + name: registry +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.dev.svc.cluster.local:9071 + mds: + endpoint: https://kafka.dev.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/kustomization.yaml b/kustomize/environments/kustomization.yaml new file mode 100644 index 0000000..88bc450 --- /dev/null +++ b/kustomize/environments/kustomization.yaml @@ -0,0 +1,4 @@ +resources: +- dev +- staging +- production diff --git a/kustomize/environments/production/control-centre.yaml b/kustomize/environments/production/control-centre.yaml new file mode 100644 index 0000000..3bb0125 --- /dev/null +++ b/kustomize/environments/production/control-centre.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ControlCenter +metadata: + name: controlcenter +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.production.svc.cluster.local:9071 + mds: + endpoint: https://kafka.production.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/production/kafka-connect.yaml b/kustomize/environments/production/kafka-connect.yaml new file mode 100644 index 0000000..610d3a5 --- /dev/null 
+++ b/kustomize/environments/production/kafka-connect.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: Connect +metadata: + name: connect +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.production.svc.cluster.local:9071 + mds: + endpoint: https://kafka.production.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/production/kafka.yaml b/kustomize/environments/production/kafka.yaml new file mode 100644 index 0000000..9b4e762 --- /dev/null +++ b/kustomize/environments/production/kafka.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: Kafka +metadata: + name: kafka +spec: + dependencies: + zookeeper: + endpoint: zookeeper.production.svc.cluster.local:2182 + metricReporter: + bootstrapEndpoint: kafka.production.svc.cluster.local:9071 diff --git a/kustomize/environments/production/ksqldb.yaml b/kustomize/environments/production/ksqldb.yaml new file mode 100644 index 0000000..cbad49d --- /dev/null +++ b/kustomize/environments/production/ksqldb.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: KsqlDB +metadata: + name: ksqldb +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.production.svc.cluster.local:9071 + mds: + endpoint: https://kafka.production.svc.cluster.local:8090 diff --git a/kustomize/environments/production/kustomization.yaml b/kustomize/environments/production/kustomization.yaml new file mode 100644 index 0000000..3e21d5c --- /dev/null +++ b/kustomize/environments/production/kustomization.yaml @@ -0,0 +1,10 @@ +namespace: production +resources: +- namespace.yaml +- ../../base +patchesStrategicMerge: + - control-centre.yaml + - kafka.yaml + - kafka-connect.yaml + - ksqldb.yaml + - schema-registry.yaml diff --git a/kustomize/environments/production/namespace.yaml b/kustomize/environments/production/namespace.yaml new file mode 100644 index 0000000..9b8854c --- /dev/null +++ b/kustomize/environments/production/namespace.yaml 
@@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: production \ No newline at end of file diff --git a/kustomize/environments/production/schema-registry.yaml b/kustomize/environments/production/schema-registry.yaml new file mode 100644 index 0000000..4435b13 --- /dev/null +++ b/kustomize/environments/production/schema-registry.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: SchemaRegistry +metadata: + name: registry +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.production.svc.cluster.local:9071 + mds: + endpoint: https://kafka.production.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/staging/control-centre.yaml b/kustomize/environments/staging/control-centre.yaml new file mode 100644 index 0000000..1a071ef --- /dev/null +++ b/kustomize/environments/staging/control-centre.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ControlCenter +metadata: + name: controlcenter +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.staging.svc.cluster.local:9071 + mds: + endpoint: https://kafka.staging.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/staging/kafka-connect.yaml b/kustomize/environments/staging/kafka-connect.yaml new file mode 100644 index 0000000..703ffb3 --- /dev/null +++ b/kustomize/environments/staging/kafka-connect.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: Connect +metadata: + name: connect +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.staging.svc.cluster.local:9071 + mds: + endpoint: https://kafka.staging.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/staging/kafka.yaml b/kustomize/environments/staging/kafka.yaml new file mode 100644 index 0000000..2c2c250 --- /dev/null +++ b/kustomize/environments/staging/kafka.yaml 
@@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: Kafka +metadata: + name: kafka +spec: + dependencies: + zookeeper: + endpoint: zookeeper.staging.svc.cluster.local:2182 + metricReporter: + bootstrapEndpoint: kafka.staging.svc.cluster.local:9071 diff --git a/kustomize/environments/staging/ksqldb.yaml b/kustomize/environments/staging/ksqldb.yaml new file mode 100644 index 0000000..4277f5d --- /dev/null +++ b/kustomize/environments/staging/ksqldb.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: KsqlDB +metadata: + name: ksqldb +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.staging.svc.cluster.local:9071 + mds: + endpoint: https://kafka.staging.svc.cluster.local:8090 diff --git a/kustomize/environments/staging/kustomization.yaml b/kustomize/environments/staging/kustomization.yaml new file mode 100644 index 0000000..1ccf259 --- /dev/null +++ b/kustomize/environments/staging/kustomization.yaml @@ -0,0 +1,12 @@ +namespace: staging +resources: +- namespace.yaml +- ../../base +patchesStrategicMerge: + - control-centre.yaml + - kafka.yaml + - kafka-connect.yaml + - ksqldb.yaml + - schema-registry.yaml + + diff --git a/infrastructure/confluent/namespace.yaml b/kustomize/environments/staging/namespace.yaml similarity index 70% rename from infrastructure/confluent/namespace.yaml rename to kustomize/environments/staging/namespace.yaml index 3ac163a..c6212de 100644 --- a/infrastructure/confluent/namespace.yaml +++ b/kustomize/environments/staging/namespace.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: Namespace metadata: - name: confluent \ No newline at end of file + name: staging \ No newline at end of file diff --git a/kustomize/environments/staging/schema-registry.yaml b/kustomize/environments/staging/schema-registry.yaml new file mode 100644 index 0000000..090e01e --- /dev/null +++ b/kustomize/environments/staging/schema-registry.yaml 
@@ -0,0 +1,11 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: SchemaRegistry +metadata: + name: registry +spec: + dependencies: + kafka: + bootstrapEndpoint: kafka.staging.svc.cluster.local:9071 + mds: + endpoint: https://kafka.staging.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/infrastructure/confluent-operator-credentials.yaml b/kustomize/infrastructure/confluent-operator-credentials.yaml new file mode 100644 index 0000000..c366c6e --- /dev/null +++ b/kustomize/infrastructure/confluent-operator-credentials.yaml @@ -0,0 +1,8 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: HelmRepository +metadata: + name: confluent-private + namespace: flux-system +spec: + url: https://packages.confluent.io/helm + interval: 1m diff --git a/infrastructure/confluent/confluent-operator.yaml b/kustomize/infrastructure/confluent-operator-helm-release-dev.yaml similarity index 74% rename from infrastructure/confluent/confluent-operator.yaml rename to kustomize/infrastructure/confluent-operator-helm-release-dev.yaml index bce6a2d..de8b74f 100644 --- a/infrastructure/confluent/confluent-operator.yaml +++ b/kustomize/infrastructure/confluent-operator-helm-release-dev.yaml @@ -1,9 +1,8 @@ ---- apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: confluent - namespace: confluent + namespace: dev spec: interval: 1m chart: @@ -15,4 +14,4 @@ spec: namespace: flux-system values: image: - registry: confluent-docker-internal-early-access-operator-2.jfrog.io + registry: docker.io \ No newline at end of file diff --git a/kustomize/infrastructure/confluent-operator-helm-release-production.yaml b/kustomize/infrastructure/confluent-operator-helm-release-production.yaml new file mode 100644 index 0000000..d8336cb --- /dev/null +++ b/kustomize/infrastructure/confluent-operator-helm-release-production.yaml 
@@ -0,0 +1,17 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: confluent + namespace: production +spec: + interval: 1m + chart: + spec: + chart: confluent-for-kubernetes + sourceRef: + kind: HelmRepository + name: confluent-private + namespace: flux-system + values: + image: + registry: docker.io \ No newline at end of file diff --git a/kustomize/infrastructure/confluent-operator-helm-release-staging.yaml b/kustomize/infrastructure/confluent-operator-helm-release-staging.yaml new file mode 100644 index 0000000..9f3302c --- /dev/null +++ b/kustomize/infrastructure/confluent-operator-helm-release-staging.yaml @@ -0,0 +1,17 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: confluent + namespace: staging +spec: + interval: 1m + chart: + spec: + chart: confluent-for-kubernetes + sourceRef: + kind: HelmRepository + name: confluent-private + namespace: flux-system + values: + image: + registry: docker.io \ No newline at end of file diff --git a/kustomize/infrastructure/kustomization.yaml b/kustomize/infrastructure/kustomization.yaml new file mode 100644 index 0000000..4f8b62d --- /dev/null +++ b/kustomize/infrastructure/kustomization.yaml @@ -0,0 +1,10 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - namespaces.yaml + - proxy.yaml + - ldap.yaml + - confluent-operator-credentials.yaml + - confluent-operator-helm-release-dev.yaml + - confluent-operator-helm-release-staging.yaml + - confluent-operator-helm-release-production.yaml diff --git a/infrastructure/tools/ldap.yaml b/kustomize/infrastructure/ldap.yaml similarity index 100% rename from infrastructure/tools/ldap.yaml rename to kustomize/infrastructure/ldap.yaml diff --git a/kustomize/infrastructure/namespaces.yaml b/kustomize/infrastructure/namespaces.yaml new file mode 100644 index 0000000..acdfcd1 --- /dev/null +++ b/kustomize/infrastructure/namespaces.yaml 
@@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: tools +--- +apiVersion: v1 +kind: Namespace +metadata: + name: dev +--- +apiVersion: v1 +kind: Namespace +metadata: + name: staging +--- +apiVersion: v1 +kind: Namespace +metadata: + name: production \ No newline at end of file diff --git a/infrastructure/tools/proxy.yaml b/kustomize/infrastructure/proxy.yaml similarity index 93% rename from infrastructure/tools/proxy.yaml rename to kustomize/infrastructure/proxy.yaml index 050f6f8..5f39f80 100644 --- a/infrastructure/tools/proxy.yaml +++ b/kustomize/infrastructure/proxy.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Pod metadata: name: proxy + namespace: tools labels: role: proxy spec: diff --git a/resources/application-secrets/README.md b/resources/application-secrets/README.md new file mode 100644 index 0000000..a5a8d30 --- /dev/null +++ b/resources/application-secrets/README.md @@ -0,0 +1,2 @@ +### Application Secrets +The script populate_secrets.sh \ No newline at end of file diff --git a/resources/certs/mds-publickey.txt b/resources/application-secrets/certs/mds-publickey.txt similarity index 100% rename from resources/certs/mds-publickey.txt rename to resources/application-secrets/certs/mds-publickey.txt diff --git a/resources/certs/mds-tokenkeypair.txt b/resources/application-secrets/certs/mds-tokenkeypair.txt similarity index 100% rename from resources/certs/mds-tokenkeypair.txt rename to resources/application-secrets/certs/mds-tokenkeypair.txt diff --git a/resources/application-secrets/populate_secrets.sh b/resources/application-secrets/populate_secrets.sh new file mode 100755 index 0000000..2616349 --- /dev/null +++ b/resources/application-secrets/populate_secrets.sh 
@@ -0,0 +1,43 @@ +#!/bin/bash +kubectl create secret generic credential \ +--from-file=plain-users.json=./users/creds-kafka-sasl-users.json \ +--from-file=digest-users.json=./users/creds-zookeeper-sasl-digest-users.json \ +--from-file=digest.txt=./users/creds-kafka-zookeeper-credentials.txt \ +--from-file=plain.txt=./users/creds-client-kafka-sasl-user.txt \ +--from-file=basic.txt=./users/creds-control-center-users.txt \ +--from-file=ldap.txt=./users/ldap.txt \ +--from-file=mdsPublicKey.pem=./certs/mds-publickey.txt \ +--from-file=mdsTokenKeyPair.pem=./certs/mds-tokenkeypair.txt \ +--dry-run=client --output=yaml > ../../kustomize/base/secrets/credential.yaml + +kubectl create secret generic mds-token \ +--from-file=mdsPublicKey.pem=./certs/mds-publickey.txt \ +--from-file=mdsTokenKeyPair.pem=./certs/mds-tokenkeypair.txt \ +--dry-run=client --output=yaml > ../../kustomize/base/secrets/mds-token.yaml + +# Kafka RBAC credential +kubectl create secret generic mds-client \ +--from-file=bearer.txt=./users/bearer.txt \ +--dry-run=client --output=yaml > ../../kustomize/base/secrets/mds-client.yaml +# Control Center RBAC credential +kubectl create secret generic c3-mds-client \ +--from-file=bearer.txt=./users/c3-mds-client.txt \ +--dry-run=client --output=yaml > ../../kustomize/base/secrets/c3-mds-client.yaml +# Connect RBAC credential +kubectl create secret generic connect-mds-client \ +--from-file=bearer.txt=./users/connect-mds-client.txt \ +--dry-run=client --output=yaml > ../../kustomize/base/secrets/connect-mds-client.yaml +# Schema Registry RBAC credential +kubectl create secret generic sr-mds-client \ +--from-file=bearer.txt=./users/sr-mds-client.txt \ +--dry-run=client --output=yaml > ../../kustomize/base/secrets/sr-mds-client.yaml +# ksqlDB RBAC credential +kubectl create secret generic ksqldb-mds-client \ +--from-file=bearer.txt=./users/ksqldb-mds-client.txt \ +--dry-run=client --output=yaml > ../../kustomize/base/secrets/ksqldb-mds-client.yaml +# Kafka REST 
credential +kubectl create secret generic rest-credential \ +--from-file=bearer.txt=./users/bearer.txt \ +--from-file=basic.txt=./users/bearer.txt \ +--from-file=plain.txt=./users/bearer.txt \ +--dry-run=client --output=yaml > ../../kustomize/base/secrets/rest-credential.yaml \ No newline at end of file diff --git a/resources/users/bearer.txt b/resources/application-secrets/users/bearer.txt similarity index 100% rename from resources/users/bearer.txt rename to resources/application-secrets/users/bearer.txt diff --git a/resources/users/c3-mds-client.txt b/resources/application-secrets/users/c3-mds-client.txt similarity index 100% rename from resources/users/c3-mds-client.txt rename to resources/application-secrets/users/c3-mds-client.txt diff --git a/resources/users/connect-mds-client.txt b/resources/application-secrets/users/connect-mds-client.txt similarity index 100% rename from resources/users/connect-mds-client.txt rename to resources/application-secrets/users/connect-mds-client.txt diff --git a/resources/users/creds-client-kafka-sasl-user.txt b/resources/application-secrets/users/creds-client-kafka-sasl-user.txt similarity index 100% rename from resources/users/creds-client-kafka-sasl-user.txt rename to resources/application-secrets/users/creds-client-kafka-sasl-user.txt diff --git a/resources/users/creds-control-center-users.txt b/resources/application-secrets/users/creds-control-center-users.txt similarity index 100% rename from resources/users/creds-control-center-users.txt rename to resources/application-secrets/users/creds-control-center-users.txt diff --git a/resources/users/creds-kafka-sasl-users.json b/resources/application-secrets/users/creds-kafka-sasl-users.json similarity index 100% rename from resources/users/creds-kafka-sasl-users.json rename to resources/application-secrets/users/creds-kafka-sasl-users.json 
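Review bot: the `chart.spec` in kustomize/infrastructure/confluent-operator-helm-release-production.yaml (and the staging copy) sets no `version`, so with `interval: 1m` Flux installs whatever chart version is newest at https://packages.confluent.io/helm. Pin `version` to an exact release or a bounded semver range for production and promote upgrades through dev first. The per-environment files differ only in `metadata.namespace`; one base HelmRelease with a namespace patch per environment would remove the duplication. The HelmRepository is still named `confluent-private` and lives in confluent-operator-credentials.yaml although it points at a public URL and has no `secretRef`; renaming both would avoid confusion.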
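Review bot: in resources/application-secrets/populate_secrets.sh the `credential` secret now also takes `--from-file=mdsTokenKeyPair.pem=./certs/mds-tokenkeypair.txt`, which the `mds-token` secret directly below already carries, so the MDS token key pair is exposed to every workload that references `credential`. Drop the two `mds*` lines from `credential` and keep the key pair only in `mds-token`. The script also has no `set -euo pipefail`, so a failed `kubectl create` still truncates the target YAML through the `>` redirection, and the relative `./users` and `../../kustomize` paths only resolve when it is run from its own directory; a `cd "$(dirname "$0")"` at the top would fix the latter. For rest-credential, `basic.txt` and `plain.txt` are both read from `./users/bearer.txt`; if that is intentional, a comment saying so would help.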
diff --git a/resources/users/creds-kafka-zookeeper-credentials.txt b/resources/application-secrets/users/creds-kafka-zookeeper-credentials.txt similarity index 100% rename from resources/users/creds-kafka-zookeeper-credentials.txt rename to resources/application-secrets/users/creds-kafka-zookeeper-credentials.txt diff --git a/resources/users/creds-zookeeper-sasl-digest-users.json b/resources/application-secrets/users/creds-zookeeper-sasl-digest-users.json similarity index 100% rename from resources/users/creds-zookeeper-sasl-digest-users.json rename to resources/application-secrets/users/creds-zookeeper-sasl-digest-users.json diff --git a/resources/users/ksqldb-mds-client.txt b/resources/application-secrets/users/ksqldb-mds-client.txt similarity index 100% rename from resources/users/ksqldb-mds-client.txt rename to resources/application-secrets/users/ksqldb-mds-client.txt diff --git a/resources/users/ldap.txt b/resources/application-secrets/users/ldap.txt similarity index 100% rename from resources/users/ldap.txt rename to resources/application-secrets/users/ldap.txt diff --git a/resources/users/sr-mds-client.txt b/resources/application-secrets/users/sr-mds-client.txt similarity index 100% rename from resources/users/sr-mds-client.txt rename to resources/application-secrets/users/sr-mds-client.txt diff --git a/resources/git/git_repo.sh b/resources/git/git_repo.sh new file mode 100755 index 0000000..fa0c801 --- /dev/null +++ b/resources/git/git_repo.sh @@ -0,0 +1,6 @@ +#!/bin/bash +kubectl create ns flux-system && +kubectl create secret -n flux-system generic flux-system \ +--from-file=identity=./identity \ +--from-file=identity.pub=./identity.pub \ +--from-file=known_hosts=./known_hosts \ No newline at end of file diff --git a/resources/populate_secrets.sh b/resources/populate_secrets.sh deleted file mode 100755 index 9adbb70..0000000 --- a/resources/populate_secrets.sh +++ /dev/null 
@@ -1,31 +0,0 @@ -#!/bin/bash -kubectl create secret generic credential \ ---from-file=plain-users.json=./users/creds-kafka-sasl-users.json \ ---from-file=digest-users.json=./users/creds-zookeeper-sasl-digest-users.json \ ---from-file=digest.txt=./users/creds-kafka-zookeeper-credentials.txt \ ---from-file=plain.txt=./users/creds-client-kafka-sasl-user.txt \ ---from-file=basic.txt=./users/creds-control-center-users.txt \ ---from-file=ldap.txt=./users/ldap.txt -kubectl create secret generic mds-token \ ---from-file=mdsPublicKey.pem=./certs/mds-publickey.txt \ ---from-file=mdsTokenKeyPair.pem=./certs/mds-tokenkeypair.txt - -# Kafka RBAC credential -kubectl create secret generic mds-client \ ---from-file=bearer.txt=./users/bearer.txt -# Control Center RBAC credential -kubectl create secret generic c3-mds-client \ ---from-file=bearer.txt=./users/c3-mds-client.txt -# Connect RBAC credential -kubectl create secret generic connect-mds-client \ ---from-file=bearer.txt=./users/connect-mds-client.txt -# Schema Registry RBAC credential -kubectl create secret generic sr-mds-client \ ---from-file=bearer.txt=./users/sr-mds-client.txt -# ksqlDB RBAC credential -kubectl create secret generic ksqldb-mds-client \ ---from-file=bearer.txt=./users/ksqldb-mds-client.txt -# Kafka REST credential -kubectl create secret generic rest-credential \ ---from-file=bearer.txt=./users/bearer.txt \ ---from-file=basic.txt=./users/bearer.txt \ No newline at end of file diff --git a/tldr.sh b/tldr.sh index 8db4c80..15eb8c7 100755 --- a/tldr.sh +++ b/tldr.sh @@ -3,7 +3,7 @@ flux bootstrap github \ --owner=${GITHUB_USER} \ --repository=${GITHUB_REPO} \ --path=clusters/production \ ---branch=main \ +--branch=develop \ --personal sleep 10 echo "Sleeping for 10 seconds to ensure namespace is created" From c93214a1dc8fbb1bc0a411aaf8701c809ff7449d Mon Sep 17 00:00:00 2001 
From: Andrew McCully Date: Thu, 20 May 2021 17:04:16 +0100 Subject: [PATCH 05/11] working certificate rotation example --- flux-system/gotk-sync.yaml | 4 +- .../base/confluent-suite/broker/kafka.yaml | 122 ------------------ .../confluent-suite/broker/kustomization.yaml | 11 -- .../rolebindings/connect/connect-base.yaml | 44 ------- .../rolebindings/connect/connect-groups.yaml | 16 --- .../rolebindings/connect/connect-topics.yaml | 25 ---- .../rolebindings/connect/kustomization.yaml | 7 - .../controlcenter/controlcentre-base.yaml | 9 -- .../controlcenter/controlcentre-clusters.yaml | 35 ----- .../controlcenter/kustomization.yaml | 6 - .../rolebindings/ksqldb/ksqldb-base.yaml | 29 ----- .../rolebindings/ksqldb/ksqldb-cluster.yaml | 14 -- .../rolebindings/ksqldb/ksqldb-groups.yaml | 13 -- .../ksqldb/ksqldb-ksqlcluster.yaml | 16 --- .../rolebindings/ksqldb/ksqldb-topics.yaml | 19 --- .../ksqldb/ksqldb-transaction.yaml | 13 -- .../rolebindings/ksqldb/kustomization.yaml | 10 -- .../rolebindings/kustomization.yaml | 9 -- .../ldap/groups/kustomization.yaml | 5 - .../rolebindings/ldap/groups/ldap-groups.yaml | 77 ----------- .../ldap/users/kustomization.yaml | 5 - .../rolebindings/ldap/users/ldap-users.yaml | 0 .../schemaregistry/kustomization.yaml | 7 - .../schemaregistry/schemaregistry-base.yaml | 33 ----- .../schemaregistry/schemaregistry-groups.yaml | 17 --- .../schemaregistry/schemaregistry-topics.yaml | 14 -- .../secrets/c3-mds-client.yaml | 7 - .../secrets/connect-mds-client.yaml | 7 - .../confluent-suite/secrets/credential.yaml | 14 -- .../secrets/ksqldb-mds-client.yaml | 7 - .../secrets/kustomization.yaml | 11 -- .../confluent-suite/secrets/mds-client.yaml | 7 - .../confluent-suite/secrets/mds-token.yaml | 8 -- .../secrets/rest-credential.yaml | 9 -- .../secrets/sr-mds-client.yaml | 7 - .../zookeeper/certificates.yaml | 108 ---------------- .../zookeeper/kustomization.yaml | 5 - .../confluent-suite/zookeeper/zookeeper.yaml | 18 --- 
kustomize/base/confluent/control-centre.yaml | 2 - kustomize/base/confluent/kafka-connect.yaml | 1 - kustomize/base/confluent/kafka.yaml | 1 - kustomize/base/confluent/ksqldb.yaml | 1 - kustomize/base/confluent/kustomization.yaml | 5 +- kustomize/base/confluent/rest-proxy.yaml | 1 - kustomize/base/confluent/schema-registry.yaml | 8 -- kustomize/base/confluent/zookeeper.yaml | 2 +- kustomize/base/kustomization.yaml | 1 + .../ldap => topics}/kustomization.yaml | 3 +- kustomize/base/topics/topic2.yaml | 7 - kustomize/environments/dev/kustomization.yaml | 1 - kustomize/environments/dev/namespace.yaml | 4 - kustomize/environments/kustomization.yaml | 1 - .../production/control-centre.yaml | 2 + .../production/kafka-connect.yaml | 2 + kustomize/environments/production/kafka.yaml | 2 + kustomize/environments/production/ksqldb.yaml | 2 + .../production/kustomization.yaml | 1 - .../environments/production/namespace.yaml | 4 - .../production/schema-registry.yaml | 2 + .../environments/staging/control-centre.yaml | 11 -- .../environments/staging/kafka-connect.yaml | 11 -- kustomize/environments/staging/kafka.yaml | 11 -- kustomize/environments/staging/ksqldb.yaml | 11 -- .../environments/staging/kustomization.yaml | 12 -- kustomize/environments/staging/namespace.yaml | 4 - .../environments/staging/schema-registry.yaml | 11 -- ...nfluent-operator-helm-release-staging.yaml | 17 --- kustomize/infrastructure/kustomization.yaml | 3 +- kustomize/infrastructure/namespaces.yaml | 7 +- resources/certificates/base-ca-config.json | 26 ++++ resources/certificates/base-ca-csr.json | 16 +++ .../certificates/base-server-domain.json | 19 +++ .../certificates/generate_certificate.sh | 26 ++++ resources/certificates/replace_certificate.sh | 25 ++++ 74 files changed, 136 insertions(+), 895 deletions(-) delete mode 100644 kustomize/base/confluent-suite/broker/kafka.yaml delete mode 100644 kustomize/base/confluent-suite/broker/kustomization.yaml delete mode 100644 
kustomize/base/confluent-suite/rolebindings/connect/connect-base.yaml delete mode 100644 kustomize/base/confluent-suite/rolebindings/connect/connect-groups.yaml delete mode 100644 kustomize/base/confluent-suite/rolebindings/connect/connect-topics.yaml delete mode 100644 kustomize/base/confluent-suite/rolebindings/connect/kustomization.yaml delete mode 100644 kustomize/base/confluent-suite/rolebindings/controlcenter/controlcentre-base.yaml delete mode 100644 kustomize/base/confluent-suite/rolebindings/controlcenter/controlcentre-clusters.yaml delete mode 100644 kustomize/base/confluent-suite/rolebindings/controlcenter/kustomization.yaml delete mode 100644 kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-base.yaml delete mode 100644 kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-cluster.yaml delete mode 100644 kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-groups.yaml delete mode 100644 kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml delete mode 100644 kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-topics.yaml delete mode 100644 kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-transaction.yaml delete mode 100644 kustomize/base/confluent-suite/rolebindings/ksqldb/kustomization.yaml delete mode 100644 kustomize/base/confluent-suite/rolebindings/kustomization.yaml delete mode 100644 kustomize/base/confluent-suite/rolebindings/ldap/groups/kustomization.yaml delete mode 100644 kustomize/base/confluent-suite/rolebindings/ldap/groups/ldap-groups.yaml delete mode 100644 kustomize/base/confluent-suite/rolebindings/ldap/users/kustomization.yaml delete mode 100644 kustomize/base/confluent-suite/rolebindings/ldap/users/ldap-users.yaml delete mode 100644 kustomize/base/confluent-suite/rolebindings/schemaregistry/kustomization.yaml delete mode 100644 kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-base.yaml delete mode 100644 
kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-groups.yaml delete mode 100644 kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-topics.yaml delete mode 100644 kustomize/base/confluent-suite/secrets/c3-mds-client.yaml delete mode 100644 kustomize/base/confluent-suite/secrets/connect-mds-client.yaml delete mode 100644 kustomize/base/confluent-suite/secrets/credential.yaml delete mode 100644 kustomize/base/confluent-suite/secrets/ksqldb-mds-client.yaml delete mode 100644 kustomize/base/confluent-suite/secrets/kustomization.yaml delete mode 100644 kustomize/base/confluent-suite/secrets/mds-client.yaml delete mode 100644 kustomize/base/confluent-suite/secrets/mds-token.yaml delete mode 100644 kustomize/base/confluent-suite/secrets/rest-credential.yaml delete mode 100644 kustomize/base/confluent-suite/secrets/sr-mds-client.yaml delete mode 100644 kustomize/base/confluent-suite/zookeeper/certificates.yaml delete mode 100644 kustomize/base/confluent-suite/zookeeper/kustomization.yaml delete mode 100644 kustomize/base/confluent-suite/zookeeper/zookeeper.yaml rename kustomize/base/{confluent-suite/rolebindings/ldap => topics}/kustomization.yaml (78%) delete mode 100644 kustomize/base/topics/topic2.yaml delete mode 100644 kustomize/environments/dev/namespace.yaml delete mode 100644 kustomize/environments/production/namespace.yaml delete mode 100644 kustomize/environments/staging/control-centre.yaml delete mode 100644 kustomize/environments/staging/kafka-connect.yaml delete mode 100644 kustomize/environments/staging/kafka.yaml delete mode 100644 kustomize/environments/staging/ksqldb.yaml delete mode 100644 kustomize/environments/staging/kustomization.yaml delete mode 100644 kustomize/environments/staging/namespace.yaml delete mode 100644 kustomize/environments/staging/schema-registry.yaml delete mode 100644 kustomize/infrastructure/confluent-operator-helm-release-staging.yaml create mode 100644 
resources/certificates/base-ca-config.json create mode 100644 resources/certificates/base-ca-csr.json create mode 100644 resources/certificates/base-server-domain.json create mode 100755 resources/certificates/generate_certificate.sh create mode 100755 resources/certificates/replace_certificate.sh diff --git a/flux-system/gotk-sync.yaml b/flux-system/gotk-sync.yaml index 7bd52f1..25060d9 100644 --- a/flux-system/gotk-sync.yaml +++ b/flux-system/gotk-sync.yaml @@ -7,10 +7,10 @@ metadata: spec: interval: 1m0s ref: - branch: develop-andrewmccully + branch: playground secretRef: name: flux-system - url: ssh://git@github.com/mccullya/kafka-gitops + url: ssh://git@github.com/osodevops/kafka-gitops --- apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 kind: Kustomization diff --git a/kustomize/base/confluent-suite/broker/kafka.yaml b/kustomize/base/confluent-suite/broker/kafka.yaml deleted file mode 100644 index 013f0e5..0000000 --- a/kustomize/base/confluent-suite/broker/kafka.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: Kafka -metadata: - name: kafka -spec: - replicas: 3 - image: - application: confluentinc/cp-server-operator:6.1.1.0 - init: confluentinc/cp-init-container-operator:6.1.1.0 - dataVolumeCapacity: 40Gi - tls: - autoGeneratedCerts: true - listeners: - # internal listener is used to access the Kafka cluster from the same Kubernetes cluster, - # i.e. in the svc.cluster.local - internal: - authentication: - type: plain - jaasConfig: - secretRef: credential - tls: - enabled: true - # external listener exposes the Kafka bootstrap and brokers as LB endpoints - external: - authentication: - type: plain - jaasConfig: - secretRef: credential - tls: - enabled: true - authorization: - type: rbac - superUsers: - - User:kafka - services: - mds: - tls: - enabled: true - tokenKeyPair: - secretRef: mds-token - provider: - type: ldap - ldap: - address: ldap://ldap.tools.svc.cluster.local:389 - authentication: - type: simple - simple: - secretRef: credential - configurations: - groupNameAttribute: cn - groupObjectClass: group - groupMemberAttribute: member - groupMemberAttributePattern: CN=(.*),DC=test,DC=com - groupSearchBase: dc=test,dc=com - userNameAttribute: cn - userMemberOfAttributePattern: CN=(.*),DC=test,DC=com - userObjectClass: organizationalRole - userSearchBase: dc=test,dc=com - configOverrides: - server: - # the LDAP lookup is set by default to ONE_LEVEL - - ldap.user.search.scope=2 - - ldap.search.mode=GROUPS - - # Overwrite the default settings on the INTERNAL listener - - listener.name.internal.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER - - listener.name.internal.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required; - - listener.name.internal.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - - 
listener.name.internal.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/mds-token/mdsPublicKey.pem"; - - listener.name.internal.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler - - listener.name.internal.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler - - # Overwrite the default settings on the EXTERNAL listener - - listener.name.external.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER - - listener.name.external.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required; - - listener.name.external.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - - listener.name.external.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/mds-token/mdsPublicKey.pem"; - - listener.name.external.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler - - listener.name.external.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler - - # Overwrite the default settings on the REPLICATION listener - - listener.name.replication.sasl.enabled.mechanisms=PLAIN - - listener.name.replication.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="${file:/mnt/secrets/credential/plain.txt:username}" password="${file:/mnt/secrets/credential/plain.txt:password}"; - - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - - # log4j: - # - log4j.logger.io.confluent.security.auth.provider.ldap.LdapGroupManager=DEBUG - 
dependencies: - kafkaRest: - authentication: - type: bearer - bearer: - secretRef: mds-client - zookeeper: - endpoint: zookeeper.confluent.svc.cluster.local:2182 - authentication: - type: digest - jaasConfig: - secretRef: credential - tls: - enabled: true - metricReporter: - enabled: true - bootstrapEndpoint: kafka.confluent.svc.cluster.local:9071 - authentication: - type: plain - jaasConfig: - secretRef: credential - tls: - enabled: true ---- -apiVersion: platform.confluent.io/v1beta1 -kind: KafkaRestClass -metadata: - name: default -spec: - kafkaRest: - authentication: - type: bearer - bearer: - secretRef: rest-credential \ No newline at end of file diff --git a/kustomize/base/confluent-suite/broker/kustomization.yaml b/kustomize/base/confluent-suite/broker/kustomization.yaml deleted file mode 100644 index 58aea4c..0000000 --- a/kustomize/base/confluent-suite/broker/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - certificates.yaml - - zookeeper.yaml - - kafka.yaml - - kafka-connect.yaml - - schema-registry.yaml - - control-centre.yaml - - rest-proxy.yaml - - ksqldb.yaml \ No newline at end of file diff --git a/kustomize/base/confluent-suite/rolebindings/connect/connect-base.yaml b/kustomize/base/confluent-suite/rolebindings/connect/connect-base.yaml deleted file mode 100644 index 0dfc382..0000000 --- a/kustomize/base/confluent-suite/rolebindings/connect/connect-base.yaml +++ /dev/null 
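Review bot: In the removed Kafka resource (`kind: Kafka`), the MDS provider is configured with `address: ldap://ldap.tools.svc.cluster.local:389` and `authentication: type: simple`, so the bind credentials from the `credential` secret, and the PLAIN logins that the listeners hand to `LdapAuthenticateCallbackHandler`, reach the directory without TLS. If the manifest that replaces this file carries the `provider.ldap` block over, point it at an `ldaps://` endpoint or enable TLS on the LDAP connection instead of copying the block unchanged.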
@@ -1,44 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: connect-cluster-base -spec: - clustersScopeByIds: - connectClusterId: confluent.connect - principal: - name: connect - type: user - role: SecurityAdmin ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: connect-resources-base -spec: - principal: - name: connect - type: user - resourcePatterns: - - name: confluent.connect - patternType: LITERAL - resourceType: Group - - name: confluent.connect- - patternType: PREFIXED - resourceType: Topic - role: ResourceOwner ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: connect-monitoring-base -spec: - principal: - name: connect - type: user - resourcePatterns: - - name: _confluent-monitoring - patternType: PREFIXED - resourceType: Topic - role: DeveloperWrite - - diff --git a/kustomize/base/confluent-suite/rolebindings/connect/connect-groups.yaml b/kustomize/base/confluent-suite/rolebindings/connect/connect-groups.yaml deleted file mode 100644 index c62b7b5..0000000 --- a/kustomize/base/confluent-suite/rolebindings/connect/connect-groups.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: connect-groups -spec: - principal: - name: connect - type: user - resourcePatterns: - - name: connect-cluster - patternType: LITERAL - resourceType: Group - - name: connect-secrets - patternType: LITERAL - resourceType: Group - role: ResourceOwner diff --git a/kustomize/base/confluent-suite/rolebindings/connect/connect-topics.yaml b/kustomize/base/confluent-suite/rolebindings/connect/connect-topics.yaml deleted file mode 100644 index 316544e..0000000 --- a/kustomize/base/confluent-suite/rolebindings/connect/connect-topics.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: connect-topics -spec: - principal: - name: connect - type: user - resourcePatterns: - - name: _confluent-connect-secrets - patternType: LITERAL - resourceType: Topic - - name: _confluent-connect-status - patternType: LITERAL - resourceType: Topic - - name: _confluent-connect-offsets - patternType: LITERAL - resourceType: Topic - - name: _confluent-connect-configs - patternType: LITERAL - resourceType: Topic - - name: confluent.connect- - patternType: PREFIXED - resourceType: Topic - role: ResourceOwner diff --git a/kustomize/base/confluent-suite/rolebindings/connect/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/connect/kustomization.yaml deleted file mode 100644 index 6275c8d..0000000 --- a/kustomize/base/confluent-suite/rolebindings/connect/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: confluent -resources: - - connect-base.yaml - - connect-groups.yaml - - connect-topics.yaml diff --git a/kustomize/base/confluent-suite/rolebindings/controlcenter/controlcentre-base.yaml b/kustomize/base/confluent-suite/rolebindings/controlcenter/controlcentre-base.yaml deleted file mode 100644 index 64a4063..0000000 --- a/kustomize/base/confluent-suite/rolebindings/controlcenter/controlcentre-base.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: control-centre-base -spec: - principal: - name: ccc - type: user - role: SystemAdmin diff --git a/kustomize/base/confluent-suite/rolebindings/controlcenter/controlcentre-clusters.yaml b/kustomize/base/confluent-suite/rolebindings/controlcenter/controlcentre-clusters.yaml deleted file mode 100644 index 600571f..0000000 --- a/kustomize/base/confluent-suite/rolebindings/controlcenter/controlcentre-clusters.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: control-centre-cluster-registry -spec: - clustersScopeByIds: - schemaRegistryClusterId: schema-registry - principal: - name: ccc - type: user - role: SystemAdmin ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: control-centre-cluster-connect -spec: - clustersScopeByIds: - connectClusterId: confluent.connect - principal: - name: ccc - type: user - role: SystemAdmin ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: control-centre-cluster-ksqldb -spec: - clustersScopeByIds: - ksqlClusterId: ksqldb-cluster - principal: - name: ccc - type: user - role: SystemAdmin diff --git a/kustomize/base/confluent-suite/rolebindings/controlcenter/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/controlcenter/kustomization.yaml deleted file mode 100644 index 5b6c76f..0000000 --- a/kustomize/base/confluent-suite/rolebindings/controlcenter/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: confluent -resources: - - controlcentre-base.yaml - - controlcentre-clusters.yaml \ No newline at end of file diff --git a/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-base.yaml b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-base.yaml deleted file mode 100644 index bc777a6..0000000 --- a/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-base.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: ksqldb-cluster-base -spec: - clustersScopeByIds: - ksqlClusterId: confluent.ksqldb_ - principal: - name: ksql - type: user - resourcePatterns: - - name: ksql-cluster - patternType: LITERAL - resourceType: KsqlCluster - role: ResourceOwner ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: ksqldb-cluster-resources-base -spec: - principal: - name: ksql - type: user - resourcePatterns: - - name: _confluent-ksql-confluent.ksqldb_ - patternType: PREFIXED - resourceType: Topic - role: ResourceOwner diff --git a/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-cluster.yaml b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-cluster.yaml deleted file mode 100644 index ce34f3f..0000000 --- a/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-cluster.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: ksqldb-cluster -spec: - clustersScopeByIds: - kafkaClusterId: qrGPK1LPTaa1s9d5D4V1rw - principal: - name: ksql - type: user - resourcePatterns: - - name: kafka-cluster - resourceType: Cluster - role: DeveloperWrite \ No newline at end of file diff --git a/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-groups.yaml b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-groups.yaml deleted file mode 100644 index 04083cd..0000000 --- a/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-groups.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: ksqldb-cluster-groups -spec: - principal: - name: ksql - type: user - resourcePatterns: - - name: _confluent-ksql-ksqldb-cluster - patternType: PREFIXED - resourceType: Group - role: ResourceOwner 
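Review bot: The ksqlDB bindings removed here disagree about the service id: `ksqldb-groups.yaml` grants the `ksql` principal the Group prefix `_confluent-ksql-ksqldb-cluster`, while `ksqldb-base.yaml` scopes the same principal to `ksqlClusterId: confluent.ksqldb_` (and `controlcentre-clusters.yaml` uses `ksqlClusterId: ksqldb-cluster`). Whatever replaces these files should settle on one id so that the Topic, Group and KsqlCluster grants all match the running cluster. `ksqldb-cluster.yaml` also pins `kafkaClusterId: qrGPK1LPTaa1s9d5D4V1rw` inside a base directory; an id that belongs to one cluster is better kept in a per-environment overlay.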
diff --git a/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml deleted file mode 100644 index 63e70dc..0000000 --- a/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: ksqldb-cluster-ksqlcluster -spec: - clustersScopeByIds: - ksqlClusterId: confluent.ksqldb_ - principal: - name: ksql - type: user - resourcePatterns: - - name: ksql-cluster - patternType: LITERAL - resourceType: KsqlCluster - role: ResourceOwner ---- diff --git a/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-topics.yaml b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-topics.yaml deleted file mode 100644 index 0ba6994..0000000 --- a/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-topics.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: ksqldb-cluster-topics -spec: - principal: - name: ksql - type: user - resourcePatterns: - - name: _confluent-ksql-confluent.ksqldb_ - patternType: PREFIXED - resourceType: Topic - - name: _confluent-ksql-ksqldb-cluster_command_topic - patternType: PREFIXED - resourceType: Topic - - name: ksqldb-clusterksql_processing_log - patternType: PREFIXED - resourceType: Topic - role: ResourceOwner diff --git a/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-transaction.yaml b/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-transaction.yaml deleted file mode 100644 index 0e7910b..0000000 --- a/kustomize/base/confluent-suite/rolebindings/ksqldb/ksqldb-transaction.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: ksqldb-cluster-transaction -spec: - principal: - name: ksql - type: user - resourcePatterns: - - name: ksqldb-cluster - patternType: PREFIXED - resourceType: TransactionalId - role: ResourceOwner diff --git a/kustomize/base/confluent-suite/rolebindings/ksqldb/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/ksqldb/kustomization.yaml deleted file mode 100644 index 3d026df..0000000 --- a/kustomize/base/confluent-suite/rolebindings/ksqldb/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: confluent -resources: - - ksqldb-base.yaml - - ksqldb-cluster.yaml - - ksqldb-groups.yaml - - ksqldb-ksqlcluster.yaml - - ksqldb-topics.yaml - - ksqldb-transaction.yaml \ No newline at end of file diff --git a/kustomize/base/confluent-suite/rolebindings/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/kustomization.yaml deleted file mode 100644 index c00c807..0000000 --- a/kustomize/base/confluent-suite/rolebindings/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: confluent -resources: - - ldap - - controlcenter - - connect - - ksqldb - - schemaregistry \ No newline at end of file diff --git a/kustomize/base/confluent-suite/rolebindings/ldap/groups/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/ldap/groups/kustomization.yaml deleted file mode 100644 index 3ced4b9..0000000 --- a/kustomize/base/confluent-suite/rolebindings/ldap/groups/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: confluent -resources: - - ldap-groups.yaml \ No newline at end of file 
diff --git a/kustomize/base/confluent-suite/rolebindings/ldap/groups/ldap-groups.yaml b/kustomize/base/confluent-suite/rolebindings/ldap/groups/ldap-groups.yaml deleted file mode 100644 index 755ce6e..0000000 --- a/kustomize/base/confluent-suite/rolebindings/ldap/groups/ldap-groups.yaml +++ /dev/null @@ -1,77 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: admin-groups-kafka-cluster-connect -spec: - clustersScopeByIds: - connectClusterId: confluent.connect - principal: - name: admins - type: group - resourcePatterns: - - name: "*" - resourceType: Connector - role: ResourceOwner ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: admin-groups-kafka-cluster-sr -spec: - clustersScopeByIds: - schemaRegistryClusterId: schema-registry - principal: - name: admins - type: group - role: SystemAdmin ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: admin-groups-kafka-cluster-ksql -spec: - clustersScopeByIds: - ksqlClusterId: ksqldb-cluster - principal: - name: admins - type: group - role: SystemAdmin ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: admin-group-topics -spec: - principal: - name: admins - type: group - resourcePatterns: - - name: "*" - resourceType: Topic - role: ResourceOwner ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: admin-group-groups -spec: - principal: - name: admins - type: group - resourcePatterns: - - name: "*" - resourceType: Group - role: ResourceOwner ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: admin-group-transactionalid -spec: - principal: - name: admins - type: group - resourcePatterns: - - name: "*" - resourceType: TransactionalId - role: ResourceOwner \ No newline at end of file 
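Review bot: Every resource binding in `ldap-groups.yaml` gives the `admins` group `ResourceOwner` on `name: "*"` (Connector, Topic, Group, TransactionalId), and the remaining two give it `SystemAdmin` on the Schema Registry and ksqlDB clusters, so membership of a single LDAP group carries very broad control of the platform. If these grants are recreated in the new layout, scope them with `PREFIXED` patterns per team or reserve the wildcard bindings for a dedicated administrative group, and set `patternType` explicitly: the wildcard entries omit it, unlike the other bindings in this patch.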
diff --git a/kustomize/base/confluent-suite/rolebindings/ldap/users/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/ldap/users/kustomization.yaml deleted file mode 100644 index 63f5568..0000000 --- a/kustomize/base/confluent-suite/rolebindings/ldap/users/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: confluent -resources: - - ldap-users.yaml \ No newline at end of file diff --git a/kustomize/base/confluent-suite/rolebindings/ldap/users/ldap-users.yaml b/kustomize/base/confluent-suite/rolebindings/ldap/users/ldap-users.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/kustomize/base/confluent-suite/rolebindings/schemaregistry/kustomization.yaml b/kustomize/base/confluent-suite/rolebindings/schemaregistry/kustomization.yaml deleted file mode 100644 index 9e63810..0000000 --- a/kustomize/base/confluent-suite/rolebindings/schemaregistry/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: confluent -resources: - - schemaregistry-base.yaml - - schemaregistry-groups.yaml - - schemaregistry-topics.yaml \ No newline at end of file diff --git a/kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-base.yaml b/kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-base.yaml deleted file mode 100644 index 3a9eea6..0000000 --- a/kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-base.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: registry-base - namespace: confluent -spec: - clustersScopeByIds: - schemaRegistryClusterId: id_registry_confluent - principal: - name: registry - type: user - role: SecurityAdmin ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: registry-mds-client-resources-base - namespace: confluent -spec: - principal: - name: registry - type: user - resourcePatterns: - - name: _confluent-license - patternType: LITERAL - resourceType: Topic - - name: _schemas_schemaregistry_confluent - patternType: LITERAL - resourceType: Topic - - name: id_schemaregistry_confluent - patternType: LITERAL - resourceType: Group - role: ResourceOwner \ No newline at end of file diff --git a/kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-groups.yaml b/kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-groups.yaml deleted file mode 100644 index 1696c23..0000000 --- a/kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-groups.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: registry-groups - namespace: confluent -spec: - principal: - name: registry - type: user - resourcePatterns: - - name: id_schemaregistry_confluent - patternType: LITERAL - resourceType: Group - - name: schema-registry - patternType: LITERAL - resourceType: Group - role: ResourceOwner \ No newline at end of file diff --git a/kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-topics.yaml b/kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-topics.yaml deleted file mode 100644 index ab7d24b..0000000 --- a/kustomize/base/confluent-suite/rolebindings/schemaregistry/schemaregistry-topics.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: registry-topics - namespace: confluent -spec: - principal: - name: registry - type: user - resourcePatterns: - - name: _schemas - patternType: LITERAL - resourceType: Topic - role: ResourceOwner \ No newline at end of file diff --git a/kustomize/base/confluent-suite/secrets/c3-mds-client.yaml b/kustomize/base/confluent-suite/secrets/c3-mds-client.yaml deleted file mode 100644 index 3d6d429..0000000 --- a/kustomize/base/confluent-suite/secrets/c3-mds-client.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -data: - bearer.txt: dXNlcm5hbWU9YzMKcGFzc3dvcmQ9YzMtc2VjcmV0Cg== -kind: Secret -metadata: - creationTimestamp: null - name: c3-mds-client diff --git a/kustomize/base/confluent-suite/secrets/connect-mds-client.yaml b/kustomize/base/confluent-suite/secrets/connect-mds-client.yaml deleted file mode 100644 index 3adbc0b..0000000 --- a/kustomize/base/confluent-suite/secrets/connect-mds-client.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -data: - bearer.txt: dXNlcm5hbWU9Y29ubmVjdApwYXNzd29yZD1jb25uZWN0LXNlY3JldAo= -kind: Secret -metadata: - creationTimestamp: null - name: connect-mds-client diff --git a/kustomize/base/confluent-suite/secrets/credential.yaml b/kustomize/base/confluent-suite/secrets/credential.yaml deleted file mode 100644 index 053a4d6..0000000 --- a/kustomize/base/confluent-suite/secrets/credential.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -apiVersion: v1 -data: - basic.txt: YzM6IGMzLXNlY3JldCxBZG1pbmlzdHJhdG9ycwphZG1pbjogRGV2ZWxvcGVyMSxBZG1pbmlzdHJhdG9ycwphZG1pbjE6IERldmVsb3BlcjEsQWRtaW5pc3RyYXRvcnMK - digest-users.json: ewogICJrYWZrYSI6ICJrYWZrYS1zZWNyZXQiCn0K - digest.txt: dXNlcm5hbWU9ImthZmthIgpwYXNzd29yZD0ia2Fma2Etc2VjcmV0Ig== - ldap.txt: dXNlcm5hbWU9Y249bWRzLGRjPXRlc3QsZGM9Y29tCnBhc3N3b3JkPURldmVsb3BlciEK - mdsPublicKey.pem: 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 - mdsTokenKeyPair.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBd015am5QNHFmZFRLaENTNXNQYlZxaVhWeVExNXdyZVZBc0VxRXNuTUZ0Mkp0TUwxCjNFTE9RMnN6V241N1d6dTc4MmJ5RXRZRmxGM1RvVlczY2w0ZE9KUnphU0VRNnhlMTBSL2k3VG5lSXRFUWZwSnIKLzJMNGJ1YnVRUkdOZS9LckxNRTBpdnI5dTRJRWJiUlMrbHR1NkE5Z2d6R2NhRFN4Vi9leUtNTlBhZEhRL0FONApCWmlqQWVLWmNEVGp6NmJIako2RVEzWU5ncXluODQ2cmVRazlUb0habDhiR0hPaHo1Qzd5b0lmc3haZ1lIbG54CjZKR3NpVVo1UDM2V0djMzhaSUIvbTQ1bzhjdjRpZlVWUFVCMElRUTlBaFlJNVp1TXJ4RHNSUERYMkdHNkU1YlcKMnZxRFd5cVhPWTdjU29JN0Fpa0Zkd0FUVzRSdjdldUVKVXl6TndJREFRQUJBb0lCQVFDS3pJaFpoSTE0cTFIawprai93eTdNRTNGb3RkUHNjbUdlNVpQRHlONzhyRXZDSlp2WHpUVkVMTGtqNU5DZUFoZCtJbXF0WnJpUzBMRndvClFQcGhacW5veXM3UGQ1T2pmQjFUNFgzUVJTSEx0UEVIL2tlcncwZVJKOFdNcUtOUUFXTUVSRStjWXBkNmYxN0sKejlBUkZ2UWdNcm5MbVZLOW5ubXlGOHQyRnkyN3dxVVZCbVlYWC9tK25lLysyUzRQTzhac1BkM3dZMlk5UjhMVgp1ZmJIQytIMkV4QThuRTR6dGVmZzl6UHluMXdNaS9HTVVnMVdpQ1QzQjJ1M0Nac1dhWkp6Vkl0VDZ0N3FuQVpKClh6a2dOcElIbjltV3V3aDhreGdNZDZzeERSQU9ENWlQZDZhOWkwb0xTYVMzLzBMRGV6VUxDMFZoVFB5M0cyb1IKQTBBSmVPblJBb0dCQVBWMXV6MXBQSkF0ZW1yOHdMaUtoUU9lOGpBc3h0blN6VjhGcWQxMXFKWWduaWh3YWkrWQprNDRoT0ovMDIvNnd5cTQ5RmhNR21reUZXdjVkVURFUkdWN01jWFA2YkVmWTVjMVArUGRSVUFtNUg1bmVmMzd6Ck5SOWY3b2lmVjNqKzQ5dXkyVmZVUUNyL2grVCt5d3pBb2MwaVp5WUdhSTF3aktYUXIzKzFvNTV2QW9HQkFNa1UKQnEySWFJRHdvbUJnUUNLUWpDeS9BTmpRMzJ5TUFHSGYvbUUzMlJURnB1NVNaRUxlOXlyR1FyM3hIRnRROWFRTApWdjVQMDl3WmZiNElPZHAvM3d3SE1xRmpOak5kRzhzdzdSeU5TK3dmUUd1OHYxR2ZZc3N1QnVYaTl2MFhHWEZICldlbk5RRVVQYmliUmJvY0o5Mk9KVEpLNFAvczV2djEzMkhEUi9wdTVBb0dCQUorWThTbTQ1endIbGZ
WQ2FqeVQKTkhGcVE2YTNOb1FpNEkzTUxPcGx1andDOFZMeDVOa1ZwN3RlTm1jcTJtLzdtNDAzQXNkVUg3ZHBiZ1M5djRwbgp4OHN2dXdUaDZzMjhaWTdkVk0vWit1U1hqY2lLTnZQZ1JzWWpwZ0VIT2VUZU5tRi9KSHBLODM0QnIrWmhGTDB4Cjh3SmlRQmNsUzQzTGhHZThES0JKQmgzWkFvR0FONWJIdWRYS1BrdElPS2lqVW1ydnRiY2dQdENQMCt4b2RxWjgKSnRoUHRVUm5QOStiUkRscnozRjhKaEt3S2phWmtqNW9VR28xUWRYeVEwVDI2WWNNWE1Eb3FHRkxMS3dDOFF1WApvWnNXY0RLN2xvMVp2dkQzV1FCaWU4OWhSTnJMOTlzbjZsRUtBWTJnZ0M3S0JaOGx1MmpMdUl3amRBcWsyR0gzCmZra3Z3RkVDZ1lBeVhqNXo2Q09QSURKMUUxVkxySml3MVlCWGFhN1pMazVFcHczUXZDTTdoVEtTRmJ1U053c3AKRXVMbU03Zzh3TVBaQWJ6cy9SUU9hZjlJaEUveDUzZE8ySW1rNVBBUmFvRXNTRmpORDRkcFZIYUtlbTJjQm9tdAp4NXEwU3FVVnE2eHY0MjIxM2dsQlFNREo0cVFYVHJzRUJkcE55bnY3b1ZlWFh3Y2FPVFVhQnc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ== - plain-users.json: ewogICJrYWZrYV9jbGllbnQiOiAia2Fma2FfY2xpZW50LXNlY3JldCIsCiAgImMzIjogImMzLXNlY3JldCIsCiAgImthZmthIjogImthZmthLXNlY3JldCIKfQ== - plain.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== -kind: Secret -metadata: - creationTimestamp: null - name: credential diff --git a/kustomize/base/confluent-suite/secrets/ksqldb-mds-client.yaml b/kustomize/base/confluent-suite/secrets/ksqldb-mds-client.yaml deleted file mode 100644 index 6a053fc..0000000 --- a/kustomize/base/confluent-suite/secrets/ksqldb-mds-client.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -data: - bearer.txt: dXNlcm5hbWU9a3NxbApwYXNzd29yZD1rc3FsLXNlY3JldAo= -kind: Secret -metadata: - creationTimestamp: null - name: ksqldb-mds-client diff --git a/kustomize/base/confluent-suite/secrets/kustomization.yaml b/kustomize/base/confluent-suite/secrets/kustomization.yaml deleted file mode 100644 index 5471250..0000000 --- a/kustomize/base/confluent-suite/secrets/kustomization.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - c3-mds-client.yaml - - connect-mds-client.yaml - - credential.yaml - - ksqldb-mds-client.yaml - - mds-client.yaml - - mds-token.yaml - - rest-credential.yaml - - sr-mds-client.yaml \ No newline at end of file diff --git a/kustomize/base/confluent-suite/secrets/mds-client.yaml b/kustomize/base/confluent-suite/secrets/mds-client.yaml deleted file mode 100644 index 24de26d..0000000 --- a/kustomize/base/confluent-suite/secrets/mds-client.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -data: - bearer.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== -kind: Secret -metadata: - creationTimestamp: null - name: mds-client diff --git a/kustomize/base/confluent-suite/secrets/mds-token.yaml b/kustomize/base/confluent-suite/secrets/mds-token.yaml deleted file mode 100644 index ae87e43..0000000 --- a/kustomize/base/confluent-suite/secrets/mds-token.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -data: - mdsPublicKey.pem: LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF3TXlqblA0cWZkVEtoQ1M1c1BiVgpxaVhWeVExNXdyZVZBc0VxRXNuTUZ0Mkp0TUwxM0VMT1Eyc3pXbjU3V3p1NzgyYnlFdFlGbEYzVG9WVzNjbDRkCk9KUnphU0VRNnhlMTBSL2k3VG5lSXRFUWZwSnIvMkw0YnVidVFSR05lL0tyTE1FMGl2cjl1NElFYmJSUytsdHUKNkE5Z2d6R2NhRFN4Vi9leUtNTlBhZEhRL0FONEJaaWpBZUtaY0RUano2YkhqSjZFUTNZTmdxeW44NDZyZVFrOQpUb0habDhiR0hPaHo1Qzd5b0lmc3haZ1lIbG54NkpHc2lVWjVQMzZXR2MzOFpJQi9tNDVvOGN2NGlmVVZQVUIwCklRUTlBaFlJNVp1TXJ4RHNSUERYMkdHNkU1YlcydnFEV3lxWE9ZN2NTb0k3QWlrRmR3QVRXNFJ2N2V1RUpVeXoKTndJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t - mdsTokenKeyPair.pem: 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 -kind: Secret -metadata: - creationTimestamp: null - name: mds-token diff --git a/kustomize/base/confluent-suite/secrets/rest-credential.yaml b/kustomize/base/confluent-suite/secrets/rest-credential.yaml deleted file mode 100644 index f7901ac..0000000 
--- a/kustomize/base/confluent-suite/secrets/rest-credential.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -data: - basic.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== - bearer.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== - plain.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== -kind: Secret -metadata: - creationTimestamp: null - name: rest-credential diff --git a/kustomize/base/confluent-suite/secrets/sr-mds-client.yaml b/kustomize/base/confluent-suite/secrets/sr-mds-client.yaml deleted file mode 100644 index fb57182..0000000 --- a/kustomize/base/confluent-suite/secrets/sr-mds-client.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -data: - bearer.txt: dXNlcm5hbWU9c3IKcGFzc3dvcmQ9c3Itc2VjcmV0Cg== -kind: Secret -metadata: - creationTimestamp: null - name: sr-mds-client diff --git a/kustomize/base/confluent-suite/zookeeper/certificates.yaml b/kustomize/base/confluent-suite/zookeeper/certificates.yaml deleted file mode 100644 index 5d34267..0000000 --- a/kustomize/base/confluent-suite/zookeeper/certificates.yaml +++ /dev/null 
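Review bot: The `secrets/` files removed above are plain `kind: Secret` manifests whose `data` values are only base64-encoded, including `mdsTokenKeyPair.pem` in `credential.yaml` and the `bearer.txt`, `basic.txt` and `plain.txt` entries, so deleting them in this commit leaves every value readable in the repository history. Treat the MDS token key pair and all of these usernames and passwords as disclosed and rotate them, and have the replacement layout take secrets from an encrypted or external source (for example SOPS-encrypted files, which Flux can decrypt, or Sealed Secrets) rather than committing them. The same applies to `tls.key`, `keystore.jks` and `jksPassword.txt` in `zookeeper/certificates.yaml`, whose hunk follows.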
@@ -1,108 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: ca-pair-sslcerts -type: kubernetes.io/tls -data: - tls.crt: 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 - tls.key: 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 ---- -apiVersion: v1 -kind: Secret -metadata: - name: connect-generated-jks -type: kubernetes.io/tls -data: - ca.crt: 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 - csr.pem: 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 - jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk - keystore.jks: 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 - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZHakNDQXdLZ0F3SUJBZ0lSQU81b3FiTDNqbmE0Tm90MDR0VmJTSU13RFFZSktvWklodmNOQVFFTEJRQXcKUmpFTE1Ba0dBMVVFQmhNQ1EwZ3hEakFNQmdOVkJBb01CVVIxWm5KNU1SVXdFd1lEVlFRTERBeEpibk5wWjJoMApjeUJRVDBNeEVEQU9CZ05WQkFNTUIxSnZiM1FnUTBFd0hoY05NakV3TkRJM01UQXhORFF5V2hjTk1qSXdOREl5Ck1UQXhORFF5V2pCR01Rc3dDUVlEVlFRR0V3SkRTREVPTUF3R0ExVUVDaE1GUkhWbWNua3hGVEFUQmdOVkJBc1QKREVsdWMybG5hSFJ6SUZCUFF6RVFNQTRHQTFVRUF4TUhZMjl1Ym1WamREQ0NBU0l3RFFZSktvWklodmNOQVFFQgpCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNUmFiY2oxME8ra1g3QzdhOFB4Wm1GbzBuRnphYWhjdnBlOXBzY0g1bENGCmNhc1VuYms5QmpyN2xjd09LYUY0ZGF6NVZ2UzM3cmFrZXU4cDlXeG1ZT1YwQjNWYUJWRWQrVGIxQzRsQXlUYVQKeVJRa0Q5clVKVU9INTFvUHY0ZWgyUHpwOGtmVmJwT1NZZy9JN3NCcWNNSVdXYnlxS05XUEpvbFRpejZzZnRIbgpiNlRNUUpTdVFreWNSS0lVdXdQVkozZi81WW9BbGZOYm85SGpNTGx1TnNOU2pmSkFoZk0wV1JYeG9YaHBpRlRtCnB3TllqUjM1WEkwUE1NWkJnQzhNWndMbDJHTjFQYnU1b3ZGTnRtRHhaS01qYXgxcm5qUHc3S2diMXZTbzNnQUgKY0RMVlZaY2NjcDRmcjhSc3JmVTFOR2YzeTVkUldhSmZ2UjZQNFNhR1VzRUNBd0VBQWFPQ0FRRXdnZjR3RGdZRApWUjBQQVFIL0JBUURBZ0trTUIwR0ExVWRKUVFXTUJRR0NDc0dBUVVGQndNQkJnZ3JCZ0VGQlFjREFqQU1CZ05WCkhSTUJBZjhFQWpBQU1JRytCZ05WSFJFRWdiWXdnYk9DQjJOdmJtNWxZM1NDRVdOdmJtNWxZM1F1WTI5dVpteDEKWlc1MGdoVmpiMjV1WldOMExtTnZibVpzZFdWdWRDNXpkbU9DSTJOdmJtNWxZM1F1WTI5dVpteDFaVzUwTG5OMgpZeTVqYkhWemRHVnlMbXh2WTJGc2doTXFMbU52Ym01bFkzUXVZMjl1Wm14MVpXNTBnaVVxTG1OdmJtNWxZM1F1ClkyOXVabXgxWlc1MExuTjJZeTVqYkhWemRHVnl
MbXh2WTJGc2doMHFMbU52Ym1ac2RXVnVkQzV6ZG1NdVkyeDEKYzNSbGNpNXNiMk5oYkRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWcycEZ2aUlBVFM4bnJwYStyNmZkNmFOTwovNDhvMk9ZZWZtYS9nZ2FhNXVCYStqUGk4dUdZZkd0L0VlRmlUeldsbmtIanhKYVgxYktLK1pMbmJlOUpXdE1PCkNNSWoxbHJDQnVWcUR5SDVtL0dhUjJTOFBneld2YUN6SUZvV0dnUkZZWWx2aVllOFdpOFMwYjEzMDR2VEt3WUsKbkRydUk3QmdsL3ZGMCtDN0RtZzB0QldSZTNPTlRBQ3hKL3dIejFIUDZLS3lLVUY0YVQ1Yk13UEQzV3FGZHZzSgpNVW5ybnZqVFNtSVU4anhTUHJWUnJ5MVBsL2pWT2lNWmpRZC8wTUZJajBXeEcxQll5WmNCM1Y2am1Nd2s3YWJ5CjZMY0tvUS9ScjhwQ0Q5RUgrL3VJTzNGb1BtNzFoaEdrTi95WFpSVDR1WTBwN3R0K1NFVWZUeTVhVEZLYXV3eWcKYjd3MnFrbFpuSERuV2xUbGk2Rm5ZWmsrWnpOQ2hnbXd2SUtWU04zdjVIZ2lrd211TVBTMTloaUxoQzBDTVJNMgp6ZUhpc2pBMDVlRVV6VXBDd21BblRCV3Rod2FzdTlnS0lYcERraEJRWlQzc3FQYU5CUktUNlFVUnVUbldPeUR3CmRtNDlFUVlId2duaGZ4c2s0YW0xMXpsN2FMMDBlS0hxVGxUVlZQdHpVU250cTFiR01CanVZYzJsOHJMUEUzdFMKVmZiYmU0VFh5TlNtMlFaMVN0eS9oQTNpZ1dhWnFUcjR0YkVVM1FkQVFDQXA3ZGI4dmtaU1RpMzdzcHFjd0J4eAp5dnR1dzhDem9QNkJvbEVCQ1Y1N3AzNUs1YlpSWUloQVNhTTJ5dlNraTQxZmtBeWZDdWxHY2FKU2hhM1hXTHdSCmE0T2pSd3ArSXp6V1g0anpvZEk9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - tls.key: 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 - truststore.jks: 
/u3+7QAAAAIAAAABAAAAAgACY2EAAAF5EtLmkQAEWDUwOQAABQwwggUIMIIC8AIJAMApNakQCIjFMA0GCSqGSIb3DQEBCwUAMEYxCzAJBgNVBAYTAkNIMQ4wDAYDVQQKDAVEdWZyeTEVMBMGA1UECwwMSW5zaWdodHMgUE9DMRAwDgYDVQQDDAdSb290IENBMB4XDTIxMDQxOTIxMTU1MloXDTI0MDIwNzIxMTU1MlowRjELMAkGA1UEBhMCQ0gxDjAMBgNVBAoMBUR1ZnJ5MRUwEwYDVQQLDAxJbnNpZ2h0cyBQT0MxEDAOBgNVBAMMB1Jvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6yUJleNKZVlBwmcLVkZdJkamPEYny2umK4XpjYeBpaS0+w/e4TcZXOO+0AmfPvRylvik5kQre7db425AvD5eUOLlcfIO5JwsjIa/UnViZ5JFUBDiMJeEGKo1CrL7VhoAmmXYiewrUXCVaILhmgfB/IGxXrk8fy+IDYdys8FqEtKxwGBgniQykEWNdzp4TJlYU7p5g3/cZvwqZPdWGAF0PF+uVeuknAOMC5ZZZpnWDGw1t7h3YExdFyMAbBPM5u0GoQKupso23MpUs2QKjlU7ZJ0haaL3H2gP56mm4868yiuc13fZvwpbE8u5w/VlyGGtzAY5ZJgSSE2ssOGlf60pQUzh3oQZ0S/jIDiAjHgk3gy8FrqiczkdSZcaa+vQ6QGduyL9mTvtz+OYOQvnef+MbVXkFHeQue3TiHjGHKIrohM2Y1Hkc1J2XOEpP+p2d6ohigBUhC8cL/BQDcH4He66uG2v1rpwti/Jr1YEA0mBAMtxJcNrrMGW9o/Pte1E5owqRjhToUKfSvtrXavXngJhbCPGRg3ivt5vHD3CBVrQaREWwwZURn+8KIHircse+0C7iZFgFvWysxnXl9ROfQNCflEvrkXBOm3UFF+JQeFe41ZEPN2rKhFyKE/blhNY9zJbgBkYWy1MJkegr+xJLr78TvNWW+3dkqunJeE00jdAbewIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQB46hXABcCSj5cN1F4+i6810dEYU0Srrsf/QX3IIKazl3uIxbVfl1rfu6Rh7dMJYxgU/onYcYF1svwhmmeujizYg8fYTPRWBpj3k3qIGRkR0KU+yEYpyuUSSB4IDmAD4grbymX05cm1/ZTgMYvQsAYO6fzv7A8u4NFWSnhJ0TNVgZHHLljQiK6hiKnOmPUAnsT2De6XAaRae3Y2n/ulo3ACYQPeD8gch3LDd/JVscmA+OwWxGe4smCHAqz3lY/3Z9qAlie6iPpFOjhujrPrPXBi9DPLPFPWamBOGbQXKpI57K4n5/61y0ludzpp8y16WgMokF8A80M3ty5DxqBqPtFyqQoqd0486rFn8bpPKpHUwNCDmYGVtZXt6OgEBDCGejqvx81F6NVWaQRnsX4EsZJYnbE8bAZwQe6gO+0CNKhWWsQtJFWM4pQwXCJP2DtYCuV2RdZhnDufN+J++jcqEuNiY5ZkqHOTj7w2fJqyUjmMJN6/TAEQEnlfCPyZ7z/Ercy79VCPMgY7lsdNxN9c4Jlx1BNAjrl8DzIOJ1btk/YOfjIyTiasiMbG7eqP11rEqG+8IA6FvHJNl8JtyLVtYRTmhyFO7tywFfgyViWFinOK2x/Kd3IVov1aNfy6njL3Q/E47dIKW3SWW1/L81ccJlmPnpyYqnoVy1yU+iKm1MhGov70Iu1X2a5v2mcMWU/txGnyBbwK ---- -apiVersion: v1 -kind: Secret -metadata: - name: controlcenter-generated-jks -type: kubernetes.io/tls -data: - ca.crt: 
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZDRENDQXZBQ0NRREFLVFdwRUFpSXhUQU5CZ2txaGtpRzl3MEJBUXNGQURCR01Rc3dDUVlEVlFRR0V3SkQKU0RFT01Bd0dBMVVFQ2d3RlJIVm1jbmt4RlRBVEJnTlZCQXNNREVsdWMybG5hSFJ6SUZCUFF6RVFNQTRHQTFVRQpBd3dIVW05dmRDQkRRVEFlRncweU1UQTBNVGt5TVRFMU5USmFGdzB5TkRBeU1EY3lNVEUxTlRKYU1FWXhDekFKCkJnTlZCQVlUQWtOSU1RNHdEQVlEVlFRS0RBVkVkV1p5ZVRFVk1CTUdBMVVFQ3d3TVNXNXphV2RvZEhNZ1VFOUQKTVJBd0RnWURWUVFEREFkU2IyOTBJRU5CTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQwpBZ0VBdXNsQ1pYalNtVlpRY0puQzFaR1hTWkdwanhHSjh0cnBpdUY2WTJIZ2FXa3RQc1AzdUUzR1Z6anZ0QUpuCno3MGNwYjRwT1pFSzN1M1crTnVRTHcrWGxEaTVYSHlEdVNjTEl5R3YxSjFZbWVTUlZBUTRqQ1hoQmlxTlFxeSsKMVlhQUpwbDJJbnNLMUZ3bFdpQzRab0h3ZnlCc1Y2NVBIOHZpQTJIY3JQQmFoTFNzY0JnWUo0a01wQkZqWGM2ZQpFeVpXRk82ZVlOLzNHYjhLbVQzVmhnQmREeGZybFhycEp3RGpBdVdXV2FaMWd4c05iZTRkMkJNWFJjakFHd1R6Ck9idEJxRUNycWJLTnR6S1ZMTmtDbzVWTzJTZElXbWk5eDlvRCtlcHB1UE92TW9ybk5kMzJiOEtXeFBMdWNQMVoKY2hocmN3R09XU1lFa2hOckxEaHBYK3RLVUZNNGQ2RUdkRXY0eUE0Z0l4NEpONE12QmE2b25NNUhVbVhHbXZyMApPa0JuYnNpL1prNzdjL2ptRGtMNTNuL2pHMVY1QlIza0xudDA0aDR4aHlpSzZJVE5tTlI1SE5TZGx6aEtUL3FkCm5lcUlZb0FWSVF2SEMvd1VBM0IrQjN1dXJodHI5YTZjTFl2eWE5V0JBTkpnUURMY1NYRGE2ekJsdmFQejdYdFIKT2FNS2tZNFU2RkNuMHI3YTEycjE1NENZV3dqeGtZTjRyN2VieHc5d2dWYTBHa1JGc01HVkVaL3ZDaUI0cTNMSAp2dEF1NG1SWUJiMXNyTVoxNWZVVG4wRFFuNVJMNjVGd1RwdDFCUmZpVUhoWHVOV1JEemRxeW9SY2loUDI1WVRXClBjeVc0QVpHRnN0VENaSG9LL3NTUzYrL0U3elZsdnQzWktycHlYaE5OSTNRRzNzQ0F3RUFBVEFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQWdFQWVPb1Z3QVhBa28rWERkUmVQb3V2TmRIUkdGTkVxNjdILzBGOXlDQ21zNWQ3aU1XMQpYNWRhMzd1a1llM1RDV01ZRlA2SjJIR0JkYkw4SVpwbnJvNHMySVBIMkV6MFZnYVk5NU42aUJrWkVkQ2xQc2hHCktjcmxFa2dlQ0E1Z0ErSUsyOHBsOU9YSnRmMlU0REdMMExBR0R1bjg3K3dQTHVEUlZrcDRTZEV6VllHUnh5NVkKMElpdW9ZaXB6cGoxQUo3RTlnM3Vsd0drV250Mk5wLzdwYU53QW1FRDNnL0lISWR5dzNmeVZiSEpnUGpzRnNSbgp1TEpnaHdLczk1V1A5MmZhZ0pZbnVvajZSVG80Ym82ejZ6MXdZdlF6eXp4VDFtcGdUaG0wRnlxU09leXVKK2YrCnRjdEpibmM2YWZNdGVsb0RLSkJmQVBORE43Y3VROGFnYWo3UmNxa0tLbmRPUE9xeFovRzZUeXFSMU1EUWc1bUIKbGJXVjdlam9CQVF3aG5vNnI4Zk5SZWpWVm1rRVo3RitCTEdTV0oyeFBH
d0djRUh1b0R2dEFqU29WbHJFTFNSVgpqT0tVTUZ3aVQ5ZzdXQXJsZGtYV1ladzduemZpZnZvM0toTGpZbU9XWktoems0KzhObnlhc2xJNWpDVGV2MHdCCkVCSjVYd2o4bWU4L3hLM011L1ZRanpJR081YkhUY1RmWE9DWmNkUVRRSTY1ZkE4eURpZFc3WlAyRG40eU1rNG0KcklqR3h1M3FqOWRheEtodnZDQU9oYnh5VFpmQ2JjaTFiV0VVNW9jaFR1N2NzQlg0TWxZbGhZcHppdHNmeW5keQpGYUw5V2pYOHVwNHk5MFB4T08zU0NsdDBsbHRmeS9OWEhDWlpqNTZjbUtwNkZjdGNsUG9pcHRUSVJxST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - csr.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJRGl6Q0NBbk1DQVFBd1RERUxNQWtHQTFVRUJoTUNRMGd4RGpBTUJnTlZCQW9UQlVSMVpuSjVNUlV3RXdZRApWUVFMRXd4SmJuTnBaMmgwY3lCUVQwTXhGakFVQmdOVkJBTVREV052Ym5SeWIyeGpaVzUwWlhJd2dnRWlNQTBHCkNTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDdVFDUmV0Z2pyY0RYa3RuSU0vM3RWejVzM2xhTG4KTHAvWXlSMGZCVkZqd2FvMnFsRFNId29uUUJPQWl0VVUycmpjZEV5SEtUZ1Nrby9zaDdnR0ppTzZSOHdDVTJwVgp6T0NOamU1UFB2N0t3cmZsMXh2QmY1TUtzc3N4dFFPSStybjVQUFVxZU9YRDh1QXFSRXpLUTgzVWlOVFkxU3FPCnFWRnV1bjJQamIxQm1DWnpobXRMVTFseUFVRndvWXo4L2xnWVBGZzBlR2hnUzdwaERPb3Bkb3JWOG1zMDJDNzgKVWc2bUVEa0p1VVY1SXdzQyt5citNejVrdldMNmV1WnI1YVZQVVZGN0NiMHdDdDN3TkpOZWlaT1o5NHdYOFJDaQovam1IekIwU0hXUGp2UnhFbXBCUFhqMFgyRXhXdzhXOENrR2o1MzdQV25meUVGSUwvM1FIWDlGN0FnTUJBQUdnCmdma3dnZllHQ1NxR1NJYjNEUUVKRGpHQjZEQ0I1VENCNGdZRFZSMFJCSUhhTUlIWGdnMWpiMjUwY205c1kyVnUKZEdWeWdoZGpiMjUwY205c1kyVnVkR1Z5TG1OdmJtWnNkV1Z1ZElJYlkyOXVkSEp2YkdObGJuUmxjaTVqYjI1bQpiSFZsYm5RdWMzWmpnaWxqYjI1MGNtOXNZMlZ1ZEdWeUxtTnZibVpzZFdWdWRDNXpkbU11WTJ4MWMzUmxjaTVzCmIyTmhiSUlaS2k1amIyNTBjbTlzWTJWdWRHVnlMbU52Ym1ac2RXVnVkSUlyS2k1amIyNTBjbTlzWTJWdWRHVnkKTG1OdmJtWnNkV1Z1ZEM1emRtTXVZMngxYzNSbGNpNXNiMk5oYklJZEtpNWpiMjVtYkhWbGJuUXVjM1pqTG1OcwpkWE4wWlhJdWJHOWpZV3d3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUJYcUNUQ3owS2tYUzdya1dOK2dxZ1RqCmY3emp1Ujd3dTV1Zjczcko4ZnJ2c0h1OTRUajBQMVR6WkhYbWU2c0lOVXVNOEdhZFpSV1EvejlSSEJ0K3hoN1MKZkdqTmIyT01zOXRneUcrTFhjQno4eXdTaVdiK3c5bld5OW9xa3pSZzRrc2dpUGV3TnNTRGZvb1ZlazNHaVBnZgppT25rRGR0L2piVmdySzhjMkVWWE85UHdMVXdPNXNUcVpFaTNKdm9TTlpub1FuWlBxRS9qY0l2eGJWQjhmbFRzCkQwQjFUUU4vOXRjYjlpOVpTZXBQT0FBNmlZZjV3NE12YWpZRUJsODhjNnZl
dDdXVFIzRFhFWndzVWlMMnR2WXgKODJjTW4rWXU4RldWSWhsb0hONkxOZFFyRWNUc0ZTNDF5N3JuelBST2oxQlJZWkw5N1FxemFsVENUQ0lIM0pBPQotLS0tLUVORCBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0K - jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk - keystore.jks: /u3+7QAAAAIAAAACAAAAAQALY2VydGlmaWNhdGUAAAF5EtLheAAABQAwggT8MA4GCisGAQQBKgIRAQEFAASCBOiTZtkqHXnlkp0RFUJuhZVEdAuzrThfEE+7q+s+B79Pzvj2IXKtecntE44mxdcJgSwV95iKuQC7Js+Jku5hpWdS285ADZ2i8s/DdYaBy+aeZijQ4sXfx9dfzBD5cUXJUj2ZfzuPnMedm7teAWhdxt1Xqqe2MNHwqiANkjQ16OOuoNcnpJpxZFnzlHktMENLkLmErGjs3F/nwC1n7fxh0cb3AiI1LvZfbc99bfY80sBi641Fc8b10Gg+wp+TrlavC4WJEhFEAy+semupK1OakM9agOKiZY0MzEWfE5hZw7fYaGctyySa7BFu9kCl6KsGu9NENTEn/5kW6FLp42PbOOfMhJ3ptMIJ7do0gKKfrTu6xaZKHOwLC8oWjQjhNT+ylvs+74cdGCfl53cQF5ImyU9/Cx3XWtauzDQGn5ghwHn3Fk6FhIfhhgSQ3yitfOxpnkeZexkdd4pVRWHIFc/W7U0SDv7qNibih4I0IZFZod9iqDi+SW2krsNSyP1R8dmUKwpUGs5mJjqiq7s9mj8Y2LLs3PR0fm/I1M8IjyvA/Em74HxuWYLEiggqc7921CmLL+2G+gZk9Fji2YDR4llaUtTUHLpyeuIqGXH0UJM2C/5ZlQx2yfC6RJHb5SOT60mrIeeygxaLl/HQ8pcfCYiyb1qtG6mpkYY54PRaJtx1dKAW3qo1B8o3nmkuAQCH8dWBGs5n6IGqv4W7oejfQKI5rDlTJLiBgQ1HZ+JGkdWRazdMPn4CQ2gVKJ0cK25cZdCgTWG7+gWAwL+X1kPpEIG2AvK4cstU/6CbF57HjQhwFSGDxV2mQtVIY79BrLDtOw3pxqJuT5ZLArM8CMAUYZOwggHB5OnroCrNyZYTw6hJctYiG3+Qb1Ux87sm8HYgiq93qQorNZfj/rEyd0L5oTOHbTgET4FfwJ2IxBRHHm2ezOOazc57g7PFTFhDZ8EO2s0H/QFSEpvB0lAaobIMhtclAV4KjUZqJvMujlk+svYfRh4U3umJLpgpqaTWXv8TMq6PZVp/wh+nD6c5fttednxaM4MST4z27T/dwszK8k1MB04S+B3UUv2WphOe59Kf9m8VLM1E2jgnOgjGBPNhb3ym1ScGP83pcQc/5R+PPPg6fLzyAUTi1GwOjmPqLOpqKUuG1H7lLbeK0RC8eP6X1hZEt/INxiEs7S0zb6M+tPcZAQ7De5M2D5vg4x6LCWWIZLmsWDCwgTyKaYTJNr87mAhQwmD94M1QVd6e6I6+28oHxMX2z0XspGmfGs0ZH/u40GcD+GDvvEhiaB5p+YW6I/h2/AvQbsyWBzqWAIdDci7dqibeY+8hCUhquUnWpZn6bG7RkjgC9KATBM+wcE8ai29ux5/mNkLdR+P8ffl7wqmatV3qMSkvMdmXvaeFutKLVaWySYdOshooZTh/Maf11J2jjxtneksaWFAa3/eXUOiFdg0J2TpVdAMvC1kVcovrGwPwW0yNRqv50SB6QN2bhwowvowKrq7Z36ApxJZT5OzN91OfoTmOo5fcYSIIwEDmj9EOAAZTVk/lp6t8qy8MxxerXEUv+XEJMxIAra5PCkuusF/d/dUqRXWMVvDcSUFS1TKidwBGZ8a8r3eM0EKO8smYqeDAC91pExwsijc2Drk7JVrBlWBvn2nRAvqZlNsxlL+Noau9vl4hiPOT1wAAAAE
ABFg1MDkAAAVIMIIFRDCCAyygAwIBAgIQe6p780NWXWQRaDGqpdbG2zANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQGEwJDSDEOMAwGA1UECgwFRHVmcnkxFTATBgNVBAsMDEluc2lnaHRzIFBPQzEQMA4GA1UEAwwHUm9vdCBDQTAeFw0yMTA0MjcxMDE0NDBaFw0yMjA0MjIxMDE0NDBaMEwxCzAJBgNVBAYTAkNIMQ4wDAYDVQQKEwVEdWZyeTEVMBMGA1UECxMMSW5zaWdodHMgUE9DMRYwFAYDVQQDEw1jb250cm9sY2VudGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkAkXrYI63A15LZyDP97Vc+bN5Wi5y6f2MkdHwVRY8GqNqpQ0h8KJ0ATgIrVFNq43HRMhyk4EpKP7Ie4BiYjukfMAlNqVczgjY3uTz7+ysK35dcbwX+TCrLLMbUDiPq5+Tz1Knjlw/LgKkRMykPN1IjU2NUqjqlRbrp9j429QZgmc4ZrS1NZcgFBcKGM/P5YGDxYNHhoYEu6YQzqKXaK1fJrNNgu/FIOphA5CblFeSMLAvsq/jM+ZL1i+nrma+WlT1FRewm9MArd8DSTXomTmfeMF/EQov45h8wdEh1j470cRJqQT149F9hMVsPFvApBo+d+z1p38hBSC/90B1/RewIDAQABo4IBJjCCASIwDgYDVR0PAQH/BAQDAgKkMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMIHiBgNVHREEgdowgdeCDWNvbnRyb2xjZW50ZXKCF2NvbnRyb2xjZW50ZXIuY29uZmx1ZW50ghtjb250cm9sY2VudGVyLmNvbmZsdWVudC5zdmOCKWNvbnRyb2xjZW50ZXIuY29uZmx1ZW50LnN2Yy5jbHVzdGVyLmxvY2FsghkqLmNvbnRyb2xjZW50ZXIuY29uZmx1ZW50gisqLmNvbnRyb2xjZW50ZXIuY29uZmx1ZW50LnN2Yy5jbHVzdGVyLmxvY2Fsgh0qLmNvbmZsdWVudC5zdmMuY2x1c3Rlci5sb2NhbDANBgkqhkiG9w0BAQsFAAOCAgEAt74y12o0HShVLd+8HrcR3RRdA5U4JvD7MaoYGEZ/dqGpPzmlMAzp5VsLgfvuHkZlQozi8Je+xzj8N+67N47G5liPFfH1ezh8/K9M+42sOR8YHjwuldOwIyLPQO5fBrpafyte7ojac2R10jWhv/4E3r86k3a+OijnJ+QpOHRKEu/JFanLuXigWnJ685G06otcRXmLxKNBQLg/7TJcUwImVic3kxC8x77hmWQDKuUIAeYBlofeM/iHVXadVaYNPUw10lBcljOl4vaiiFS0O4XI8A9XdTatm8FQOvNGLOPSlBtmg5mIOCm16n6o8LY4rh96WcuU5S01YsE4D2dDfqz+knD2RMKjO4Iksc/nwQS2eHHV5AhLXEKzLR8N8bbORftXFz72xcYWytyPEz8WC2nX6L5xT6mq8wtAJmHXM4w9Dbt6tSrSAWovozlQibAMdmFsw3ERZUypfPkso5g88VAtbQApT8merCyXy+eVIK2NUMgLT18qfZXw7h5nxqwDncdKxvDns4MUIMwV9OHGHa0GPzzxJ6k7DO7/gQxt+h/ldwqOEIr3msn+IQ2D1WteYzYLNTUttoHz418q9ynJ69w0czEVVdauUD35kpA8WZeqEfqqjpXyhSx5oBt3S0WfKLc7HuoMDsV+92oDNb2VTxpC8ZAw5ot9+ECJRRXGOfs5mXkAAAACAAJjYQAAAXkS0uF4AARYNTA5AAAFDDCCBQgwggLwAgkAwCk1qRAIiMUwDQYJKoZIhvcNAQELBQAwRjELMAkGA1UEBhMCQ0gxDjAMBgNVBAoMBUR1ZnJ5MRUwEwYDVQQLDAxJbnNpZ2h0cyBQT0MxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcNMjE
wNDE5MjExNTUyWhcNMjQwMjA3MjExNTUyWjBGMQswCQYDVQQGEwJDSDEOMAwGA1UECgwFRHVmcnkxFTATBgNVBAsMDEluc2lnaHRzIFBPQzEQMA4GA1UEAwwHUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALrJQmV40plWUHCZwtWRl0mRqY8RifLa6YrhemNh4GlpLT7D97hNxlc477QCZ8+9HKW+KTmRCt7t1vjbkC8Pl5Q4uVx8g7knCyMhr9SdWJnkkVQEOIwl4QYqjUKsvtWGgCaZdiJ7CtRcJVoguGaB8H8gbFeuTx/L4gNh3KzwWoS0rHAYGCeJDKQRY13OnhMmVhTunmDf9xm/Cpk91YYAXQ8X65V66ScA4wLlllmmdYMbDW3uHdgTF0XIwBsE8zm7QahAq6myjbcylSzZAqOVTtknSFpovcfaA/nqabjzrzKK5zXd9m/ClsTy7nD9WXIYa3MBjlkmBJITayw4aV/rSlBTOHehBnRL+MgOICMeCTeDLwWuqJzOR1Jlxpr69DpAZ27Iv2ZO+3P45g5C+d5/4xtVeQUd5C57dOIeMYcoiuiEzZjUeRzUnZc4Sk/6nZ3qiGKAFSELxwv8FANwfgd7rq4ba/WunC2L8mvVgQDSYEAy3Elw2uswZb2j8+17UTmjCpGOFOhQp9K+2tdq9eeAmFsI8ZGDeK+3m8cPcIFWtBpERbDBlRGf7wogeKtyx77QLuJkWAW9bKzGdeX1E59A0J+US+uRcE6bdQUX4lB4V7jVkQ83asqEXIoT9uWE1j3MluAGRhbLUwmR6Cv7EkuvvxO81Zb7d2Sq6cl4TTSN0Bt7AgMBAAEwDQYJKoZIhvcNAQELBQADggIBAHjqFcAFwJKPlw3UXj6LrzXR0RhTRKuux/9BfcggprOXe4jFtV+XWt+7pGHt0wljGBT+idhxgXWy/CGaZ66OLNiDx9hM9FYGmPeTeogZGRHQpT7IRinK5RJIHggOYAPiCtvKZfTlybX9lOAxi9CwBg7p/O/sDy7g0VZKeEnRM1WBkccuWNCIrqGIqc6Y9QCexPYN7pcBpFp7djaf+6WjcAJhA94PyByHcsN38lWxyYD47BbEZ7iyYIcCrPeVj/dn2oCWJ7qI+kU6OG6Os+s9cGL0M8s8U9ZqYE4ZtBcqkjnsrifn/rXLSW53OmnzLXpaAyiQXwDzQze3LkPGoGo+0XKpCip3TjzqsWfxuk8qkdTA0IOZgZW1le3o6AQEMIZ6Oq/HzUXo1VZpBGexfgSxklidsTxsBnBB7qA77QI0qFZaxC0kVYzilDBcIk/YO1gK5XZF1mGcO5834n76NyoS42JjlmSoc5OPvDZ8mrJSOYwk3r9MARASeV8I/JnvP8StzLv1UI8yBjuWx03E31zgmXHUE0COuXwPMg4nVu2T9g5+MjJOJqyIxsbt6o/XWsSob7wgDoW8ck2Xwm3ItW1hFOaHIU7u3LAV+DJWJYWKc4rbH8p3chWi/Vo1/LqeMvdD8Tjt0gpbdJZbX8vzVxwmWY+enJiqehXLXJT6IqbUyEaiPXVyKsVc0eiKICOAM4IvZH974W0= - tls.crt: 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 - tls.key: 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 - truststore.jks: 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 ---- -apiVersion: v1 -kind: Secret -metadata: - name: kafka-generated-jks -type: kubernetes.io/tls -data: - ca.crt: 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 - csr.pem: 
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 - jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk - keystore.jks: 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 - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZDekNDQXZPZ0F3SUJBZ0lSQU1ORklLZzRZU29iVmhFVGZKWklmNWt3RFFZSktvWklodmNOQVFFTEJRQXcKUmpFTE1Ba0dBMVVFQmhNQ1EwZ3hEakFNQmdOVkJBb01CVVIxWm5KNU1SVXdFd1lEVlFRTERBeEpibk5wWjJoMApjeUJRVDBNeEVEQU9CZ05WQkFNTUIxSnZiM1FnUTBFd0hoY05NakV3TkRJM01Ea3pOekkzV2hjTk1qSXdOREl5Ck1Ea3pOekkzV2pCRU1Rc3dDUVlEVlFRR0V3SkRTREVPTUF3R0ExVUVDaE1GUkhWbWNua3hGVEFUQmdOVkJBc1QKREVsdWMybG5hSFJ6SUZCUFF6RU9NQXdHQTFVRUF4TUZhMkZtYTJFd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQQpBNElCRHdBd2dnRUtBb0lCQVFDV0NJU0FBcmNmcnpXbWVHUitMbk5vTVVmOXd4WTN6dTR4blFMQUFKWHdyV3ZLCjlyam1taHJLS3ZIU1FqV3I3N0pTTGk4T2pOM1J4eVc2dk9KS3RLRGdlcElndVVpaE9Bbk9HbDI4UXYyRFlsQlUKdFBGOFVqZURMcXZTaWNGVHd6aElsSDBhczNrZXcvZXBwWGNic2J3R0FvQUtqZWY2anNEeVlYTXBMd2ZhZVVzdQpXeXlOT2R3b0YzSlh2WERobW1SdnhZZk5XdXRnY3ZCUXNyeW5NUTFuclMvRXVObjRITzRadjNUZGRVbTk2SUV2CnpkdFFRbTVYb3dydmtwY1l3amI3WU9QcjREbE9Fa1c3N1Blb0tWOHJ4R0pnZVVuczlaZnZBbW4xbkU3STJJNUQKeGM3ZmtWL0RzNGNFZ00xeFZoeDNpNGZ2Tktvc0svRGZHbWJNUWhKTkFnTUJBQUdqZ2ZVd2dmSXdEZ1lEVlIwUApBUUgvQkFRREFnS2tNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBTUJnTlZIUk1CCkFmOEVBakFBTUlHeUJnTlZIUkVFZ2Fvd2dhZUNCV3RoWm10aGdnOXJZV1pyWVM1amIyNW1iSFZsYm5TQ0UydGgKWm10aExtTnZibVpzZFdWdWRDNXpkbU9DSVd0aFptdGhMbU52Ym1ac2RXVnVkQzV6ZG1NdVkyeDFjM1JsY2k1cwpiMk5oYklJUktpNXJZV1pyWVM1amIyNW1iSFZsYm5TQ0l5b3VhMkZtYTJFdVkyOXVabXgxWlc1MExuTjJZeTVqCmJIVnpkR1Z5TG14dlkyRnNnaDBxTG1OdmJtWnNkV1Z1ZEM1emRtTXVZMngxYzNSbGNpNXNiMk5oYkRBTkJna3EKaGtpRzl3MEJBUXNGQUFPQ0FnRUFZdjNDQk9QRVlsZzlRNUhaN0pBUlNLN3F6a2FscCtsckZFWTlSaEhiamxweQpXa3pacG5ZV1V6U3ZVWGNOemZLZm0wY1BUdkQvcW9XV2JpWWxESjdkcGd1MGJ5aWtYa0JIMWlFQVBlZnh2WThZCnMvalk2UDg5ejhhTk1acGd2RU50L2Q0NmF1SEo5dXBzaEU3YTY1YjdxM3FtbWdTelhqc0QvOFh5TlAwM0hGMnUKTWtCNUM1bXZSUTRZTXl1WHhRMTZPZ1JvVG80ZTV2bUtlSGE3cGVkOHlVQS91MHJ0bHNYY1JxWFlReDllVSs1TgorRVFpYWlSQjZlSDVicEVwSmlYNkY4Q0MrbHF0V
DFqUXlYRlVUcDJkMG5LQzB2MVdxRmRoOG8zV0pLcTcvSFoyCk9sWUw4bkxBQm9XOTRvbFhDZ2F5S0pqR01Nd2VFcGhocWkrNHRjOWJ5Y1ZWSDdGYzI4M3dPQ0JyaS9CMk9rREcKdmVrSHNZOWlNY0Q4SmwzNDZRZ01PTXV0NU8wNVh4R2JYK0QxM1BoWHkxRXFVZmw3MzZXUlhlVGpmRmJibkIvKwpBRmc5Zy9sOFJxeEVyblh5MzgyL0xrMUJPaXBWUVlGZHQ2N0FTV2psMS8waGQrT1ZNUWtVK3Y3WW1hZDFtZTJNCmliSXNkNy9LaVNNcWtZKzluZ0c5U2J1U0l2QU9qRmRSMStGTEp3Q3dnRzYvcjl1SmRpSjJVczJidU95dVVRL0IKSThobkFWYTExdzMvVm9hekJuNVYvb2JlZE9SRlJRZzJzMkJDcUwxRXlMYkxJZTAydnNmRE1uK3p0N0xZU1NXRwpPcXoxSUtDVVlDbHBCRG9td2hjK1Y0aXR5dXRnWU5UZmVVNThaS2RjazZ5Q01GQW9lZWJCbTZHK1dmSXJLU0k9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - tls.key: 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 - truststore.jks: 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 ---- -apiVersion: v1 -kind: Secret -metadata: - name: ksqldb-generated-jks -type: kubernetes.io/tls -data: - ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZDRENDQXZBQ0NRREFLVFdwRUFpSXhUQU5CZ2txaGtpRzl3MEJBUXNGQURCR01Rc3dDUVlEVlFRR0V3SkQKU0RFT01Bd0dBMVVFQ2d3RlJIVm1jbmt4RlRBVEJnTlZCQXNNREVsdWMybG5hSFJ6SUZCUFF6RVFNQTRHQTFVRQpBd3dIVW05dmRDQkRRVEFlRncweU1UQTBNVGt5TVRFMU5USmFGdzB5TkRBeU1EY3lNVEUxTlRKYU1FWXhDekFKCkJnTlZCQVlUQWtOSU1RNHdEQVlEVlFRS0RBVkVkV1p5ZVRFVk1CTUdBMVVFQ3d3TVNXNXphV2RvZEhNZ1VFOUQKTVJBd0RnWURWUVFEREFkU2IyOTBJRU5CTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQwpBZ0VBdXNsQ1pYalNtVlpRY0puQzFaR1hTWkdwanhHSjh0cnBpdUY2WTJIZ2FXa3RQc1AzdUUzR1Z6anZ0QUpuCno3MGNwYjRwT1pFSzN1M1crTnVRTHcrWGxEaTVYSHlEdVNjTEl5R3YxSjFZbWVTUlZBUTRqQ1hoQmlxTlFxeSsKMVlhQUpwbDJJbnNLMUZ3bFdpQzRab0h3ZnlCc1Y2NVBIOHZpQTJIY3JQQmFoTFNzY0JnWUo0a01wQkZqWGM2ZQpFeVpXRk82ZVlOLzNHYjhLbVQzVmhnQmREeGZybFhycEp3RGpBdVdXV2FaMWd4c05iZTRkMkJNWFJjakFHd1R6Ck9idEJxRUNycWJLTnR6S1ZMTmtDbzVWTzJTZElXbWk5eDlvRCtlcHB1UE92TW9ybk5kMzJiOEtXeFBMdWNQMVoKY2hocmN3R09XU1lFa2hOckxEaHBYK3RLVUZNNGQ2RUdkRXY0eUE0Z0l4NEpONE12QmE2b25NNUhVbVhHbXZyMApPa0JuYnNpL1prNzdjL2ptRGtMNTNuL2pHMVY1QlIza0xudDA0aDR4aHlpSzZJVE5tTlI1SE5TZGx6aEtUL3FkCm5lcUlZb0FWSVF2SEMvd1VBM0IrQjN1dXJodHI5YTZjTFl2eWE5V0JBTkpnUURMY1
NYRGE2ekJsdmFQejdYdFIKT2FNS2tZNFU2RkNuMHI3YTEycjE1NENZV3dqeGtZTjRyN2VieHc5d2dWYTBHa1JGc01HVkVaL3ZDaUI0cTNMSAp2dEF1NG1SWUJiMXNyTVoxNWZVVG4wRFFuNVJMNjVGd1RwdDFCUmZpVUhoWHVOV1JEemRxeW9SY2loUDI1WVRXClBjeVc0QVpHRnN0VENaSG9LL3NTUzYrL0U3elZsdnQzWktycHlYaE5OSTNRRzNzQ0F3RUFBVEFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQWdFQWVPb1Z3QVhBa28rWERkUmVQb3V2TmRIUkdGTkVxNjdILzBGOXlDQ21zNWQ3aU1XMQpYNWRhMzd1a1llM1RDV01ZRlA2SjJIR0JkYkw4SVpwbnJvNHMySVBIMkV6MFZnYVk5NU42aUJrWkVkQ2xQc2hHCktjcmxFa2dlQ0E1Z0ErSUsyOHBsOU9YSnRmMlU0REdMMExBR0R1bjg3K3dQTHVEUlZrcDRTZEV6VllHUnh5NVkKMElpdW9ZaXB6cGoxQUo3RTlnM3Vsd0drV250Mk5wLzdwYU53QW1FRDNnL0lISWR5dzNmeVZiSEpnUGpzRnNSbgp1TEpnaHdLczk1V1A5MmZhZ0pZbnVvajZSVG80Ym82ejZ6MXdZdlF6eXp4VDFtcGdUaG0wRnlxU09leXVKK2YrCnRjdEpibmM2YWZNdGVsb0RLSkJmQVBORE43Y3VROGFnYWo3UmNxa0tLbmRPUE9xeFovRzZUeXFSMU1EUWc1bUIKbGJXVjdlam9CQVF3aG5vNnI4Zk5SZWpWVm1rRVo3RitCTEdTV0oyeFBHd0djRUh1b0R2dEFqU29WbHJFTFNSVgpqT0tVTUZ3aVQ5ZzdXQXJsZGtYV1ladzduemZpZnZvM0toTGpZbU9XWktoems0KzhObnlhc2xJNWpDVGV2MHdCCkVCSjVYd2o4bWU4L3hLM011L1ZRanpJR081YkhUY1RmWE9DWmNkUVRRSTY1ZkE4eURpZFc3WlAyRG40eU1rNG0KcklqR3h1M3FqOWRheEtodnZDQU9oYnh5VFpmQ2JjaTFiV0VVNW9jaFR1N2NzQlg0TWxZbGhZcHppdHNmeW5keQpGYUw5V2pYOHVwNHk5MFB4T08zU0NsdDBsbHRmeS9OWEhDWlpqNTZjbUtwNkZjdGNsUG9pcHRUSVJxST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - csr.pem: 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 - jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk - keystore.jks: 
/u3+7QAAAAIAAAACAAAAAQALY2VydGlmaWNhdGUAAAF5EtLiRAAABQEwggT9MA4GCisGAQQBKgIRAQEFAASCBOl9GF22s8Ef9INR47xmKtIlr4BrJ/dZZ3IYnYCI1nKOJRLLt513S1TwKQpT4PSqhzN/1Mx4qevsM0fm6bGWJw9hAqjyUKehRN9mcEoyYC7AMZUcwUp7Xw/B5mLgcuX0jeuPzMimdkLXw1m8mUx1XqcH58a+HI+I5upeQn8HWqsS4BsM/fSiOjAmyDMZ/aSQd9tB/E+0+ToghX8sFzQgH48UyniEYXcxR9rd/ja8KxHapKc24X7twPL9q7EjQI/83xu7ahpbwFSPv1Xk0fpp9YhZP/DUwCh5OCjI24xc8Bk/HgbSPec6hi69QuHAfgKNfOYhVnyCd6PKBQo3OMrPER6y7QL6pQvhaFoxC2faSfxJXLVpIgfOWgaBvRK2IU0df/4ptTJjJjqrJr/iq56W4Cn9NX9FhL5JKOcc6b250J6d6kRR93MKNwZxQoN0AczJKX1DpChfyDzl6znl6MWoFwHBW1kKoCLW0wthv/SNkBcJoctpy3hbxUE+CgythJ9wSofEx2MJt4pvwskgxgRmUUpAVIDPZjio2sdniRrdnGvcvYVVuCB0ed+rsYOFd9odKll1ykMf0NTjXLpTucTd8Oz+X++Up7RuFk/dPEtTnAX9BuRPhm+00twaH2E4egcDpwOATiwgjP1AadKZZv0texjG6opxU94rgVJwaoNB5zw423SCWNcyPyl7YGybI8kJhYJIuupCMPP0Ab6aK/gFTsVRlQrKaKLwigca9AeyhPyM3MPzTT2cIDdF9YLI6EuMw5wbZoJ2hSqTFEY1nP8m0+lbJJBzlxMtUmKOiEpSyb1yXSRB+JR+9dnfhKMRTyTfQ7DpbJW04Fa8oPTUK2FWEuuzw6jln0+1HEUpU/jpdUvobYiqv6xKsoJjzXQTWqzukn4FckX/bYEHoWKuSLDWDZOYdFM7A4VzHZ8Z1+No3aaS4ezqahSRULSz0Xg/Nti6znuFfbVp+9i9Wl9lOPYfnqTAf6kRx38usP+DAFZsK7kqRB30pFusSRkF2HOCZQ4OGgxUJXewyz2PJaBv/q1EnY4/ZOojmSxyRJnyzPz5rtW46bX/ZICqdpJ87IkoLWiEtvz43MY4iQh6QeUgbwwGptc1lN4/xDosoT9ty2WkeRiB3Jaria4xQNNDZh/D82hT62AyStiA6wdO4Bcj2c8dz/2TAfg3pxiGnPJEanAWXmSS87BtZDlAnyADJXH1PF9dL5xa0tFFfIQua46xDfe16GF4kU/ZNRya1kpRpYdbIk9mVncmb+ZO7jH+jAFdhnRKCX8cdwC4/kmSp+w/sOSeT9hg4qmr3pZHUXZRYoOVpM4U4HOsvY1Y3TKu8n01FRZMUNX9DhzmxClB9GGex9d2DeR949jfo7bQXf1eeaWTAQ/Vc/1j3woOaDaXhDd6rdoi/6em9JATed/qSrU58juucruVmMDFu8C9q0kFxfJO3JnfBQrqY4bJcNtdx2WiDhtaDLr0LZe8Gsm1HlDuYf2ev2XEA3iyUb/EqroezIEPAse5gG89Y4c4YVgLOoSXjI1P+ej2uG8FRjA+jAOF0/9wgG90JYeB1aZ4eAKG7cNWU/o0BdZRtIQH2qKogIoEig3/Ukx/xX9zOUUm04+7VdyVtdTKzc6rdDrAxQJVHz3BeZqrdwJK4mdxm2y/SM2YKruNs4pw5DmzKLsu+BYAAAABAARYNTA5AAAFFTCCBREwggL5oAMCAQICEGSSOmeurnqTa3lIjrqZWMMwDQYJKoZIhvcNAQELBQAwRjELMAkGA1UEBhMCQ0gxDjAMBgNVBAoMBUR1ZnJ5MRUwEwYDVQQLDAxJbnNpZ2h0cyBQT0MxEDAOBgNVBAMMB1Jvb3QgQ0EwHhcNMjEwNDI3MTAxNDQwWhcNMjIwNDIyMTAxNDQwWjBFMQswCQYDVQQGEwJD
SDEOMAwGA1UEChMFRHVmcnkxFTATBgNVBAsTDEluc2lnaHRzIFBPQzEPMA0GA1UEAxMGa3NxbGRiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1S4KAJvp3lI8YwIVi/Oz5k9F+RBhyUcNM73r7PyLn/wG0t4bZQsLveKti6RG/8GAPO+B14Oy9uUNz974+ob81gvPzjdVvpGWyUMjhALhIfEsr5AhOB4t8fkIoJNPZP0xhmw1LfNkoCjFkw0XIhjunjyUvtNZ1P4I1r7z45xpF+0aywdA4l6eKVey38Ex3HT++PyVszfpsjMRbfgTivW7alr/mYmjJQfLWlX3gMF+DmJSgn5FqUGtCRBnHYYPMaWcAZzrMZGS0/xH32xcRKMX+WRlMTwHiLCb/PgV2K3BVnldN5p/gtIZ5TEy7l9etGisQT4ZrJ5aOHCDlhAzpG/EqwIDAQABo4H7MIH4MA4GA1UdDwEB/wQEAwICpDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADCBuAYDVR0RBIGwMIGtggZrc3FsZGKCEGtzcWxkYi5jb25mbHVlbnSCFGtzcWxkYi5jb25mbHVlbnQuc3ZjgiJrc3FsZGIuY29uZmx1ZW50LnN2Yy5jbHVzdGVyLmxvY2FsghIqLmtzcWxkYi5jb25mbHVlbnSCJCoua3NxbGRiLmNvbmZsdWVudC5zdmMuY2x1c3Rlci5sb2NhbIIdKi5jb25mbHVlbnQuc3ZjLmNsdXN0ZXIubG9jYWwwDQYJKoZIhvcNAQELBQADggIBACq2FIEHRRMafIdY3Y4bynUKyfjBI+09yyxNubu1Rx0DLG7jEsUcGqpbFE/zDOGQ0SZzwbVGEFhAbyYeGpqZZy4gJ0N36b1lpe8HDL5RBNuEG8CsSiWuQi2dmi7pgLbJu16CPFcuGJEQKMnGH7hPOCuVqcx0/jkTqFpEbJaGsl4HVLRMSIBY4/eV3PkHZh5v3vtZC5m/IkMjaTFiF+YO5ZH/C9dFIZnxwRD+u/UG1oF71lqvuhkmEkcmSWWHwBMS71O4CEMiOGwQ9kaBAMvg61gAS4mGBJjw5UpGValPFr+Zw/RfcV2OI8GWF75O77nsp2kOUcTqBH8PreYzvYfBGVazBCvc+RFnRnrZ41rQTn/Q/bXuNrOmkiu2G1w0pQIL2F4a3CFaRJrB9JB59dzHwQGaGgOMiBkCtkyuVoKh138WMKPbjI12PMAcpX9QQlG5y8k6pTI4vJQC8+vQpKmHgtTaO48A5hC5+Ioifye0oQJow6MwpiZWve7vEKc+JgiqV5V5HD+HBOLiUwmDc2Jgg5KbxJWpmYfxjtaRO1x2lkT9zQDnVFD3JyTr6ZtIltgPLMwfTTFVR3sQFEyMKaWf36goVRV7wI3YGyGGzUPXE2k5FWqL8TiOH/w6p079nh0KeQRDeaPfuv+3OE+0p/Qlvxk69SsNknAEJN1LvIn9RMbyAAAAAgACY2EAAAF5EtLiRAAEWDUwOQAABQwwggUIMIIC8AIJAMApNakQCIjFMA0GCSqGSIb3DQEBCwUAMEYxCzAJBgNVBAYTAkNIMQ4wDAYDVQQKDAVEdWZyeTEVMBMGA1UECwwMSW5zaWdodHMgUE9DMRAwDgYDVQQDDAdSb290IENBMB4XDTIxMDQxOTIxMTU1MloXDTI0MDIwNzIxMTU1MlowRjELMAkGA1UEBhMCQ0gxDjAMBgNVBAoMBUR1ZnJ5MRUwEwYDVQQLDAxJbnNpZ2h0cyBQT0MxEDAOBgNVBAMMB1Jvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6yUJleNKZVlBwmcLVkZdJkamPEYny2umK4XpjYeBpaS0+w/e4TcZXOO+0AmfPvRylvik5kQre7db425AvD5eUOLlcfIO5JwsjIa/UnViZ5JFUBDiMJeEGKo1CrL7V
hoAmmXYiewrUXCVaILhmgfB/IGxXrk8fy+IDYdys8FqEtKxwGBgniQykEWNdzp4TJlYU7p5g3/cZvwqZPdWGAF0PF+uVeuknAOMC5ZZZpnWDGw1t7h3YExdFyMAbBPM5u0GoQKupso23MpUs2QKjlU7ZJ0haaL3H2gP56mm4868yiuc13fZvwpbE8u5w/VlyGGtzAY5ZJgSSE2ssOGlf60pQUzh3oQZ0S/jIDiAjHgk3gy8FrqiczkdSZcaa+vQ6QGduyL9mTvtz+OYOQvnef+MbVXkFHeQue3TiHjGHKIrohM2Y1Hkc1J2XOEpP+p2d6ohigBUhC8cL/BQDcH4He66uG2v1rpwti/Jr1YEA0mBAMtxJcNrrMGW9o/Pte1E5owqRjhToUKfSvtrXavXngJhbCPGRg3ivt5vHD3CBVrQaREWwwZURn+8KIHircse+0C7iZFgFvWysxnXl9ROfQNCflEvrkXBOm3UFF+JQeFe41ZEPN2rKhFyKE/blhNY9zJbgBkYWy1MJkegr+xJLr78TvNWW+3dkqunJeE00jdAbewIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQB46hXABcCSj5cN1F4+i6810dEYU0Srrsf/QX3IIKazl3uIxbVfl1rfu6Rh7dMJYxgU/onYcYF1svwhmmeujizYg8fYTPRWBpj3k3qIGRkR0KU+yEYpyuUSSB4IDmAD4grbymX05cm1/ZTgMYvQsAYO6fzv7A8u4NFWSnhJ0TNVgZHHLljQiK6hiKnOmPUAnsT2De6XAaRae3Y2n/ulo3ACYQPeD8gch3LDd/JVscmA+OwWxGe4smCHAqz3lY/3Z9qAlie6iPpFOjhujrPrPXBi9DPLPFPWamBOGbQXKpI57K4n5/61y0ludzpp8y16WgMokF8A80M3ty5DxqBqPtFyqQoqd0486rFn8bpPKpHUwNCDmYGVtZXt6OgEBDCGejqvx81F6NVWaQRnsX4EsZJYnbE8bAZwQe6gO+0CNKhWWsQtJFWM4pQwXCJP2DtYCuV2RdZhnDufN+J++jcqEuNiY5ZkqHOTj7w2fJqyUjmMJN6/TAEQEnlfCPyZ7z/Ercy79VCPMgY7lsdNxN9c4Jlx1BNAjrl8DzIOJ1btk/YOfjIyTiasiMbG7eqP11rEqG+8IA6FvHJNl8JtyLVtYRTmhyFO7tywFfgyViWFinOK2x/Kd3IVov1aNfy6njL3Q/E47dIKW3SWW1/L81ccJlmPnpyYqnoVy1yU+iKm1MhGohGNcwaQ8wkWlh4HRH6NNI1nRPM7 - tls.crt: 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 - tls.key: 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 - truststore.jks: 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 ---- -apiVersion: v1 -kind: Secret -metadata: - name: registry-generated-jks -type: kubernetes.io/tls -data: - ca.crt: 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 - csr.pem: 
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJRGFEQ0NBbEFDQVFBd1J6RUxNQWtHQTFVRUJoTUNRMGd4RGpBTUJnTlZCQW9UQlVSMVpuSjVNUlV3RXdZRApWUVFMRXd4SmJuTnBaMmgwY3lCUVQwTXhFVEFQQmdOVkJBTVRDSEpsWjJsemRISjVNSUlCSWpBTkJna3Foa2lHCjl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF5YytJcXFLaXZrWk96a1BIeXBtdTd3ajZndHB1QUE1K2J4UlUKSkJ6WjFlNHFtcUFEbVpIOE1PTzJrSDlUV2FvZTFDWXFBN0xnT01tSTlWR1N0UC9EK0RranlhZFlUUDJuSmk2QwpXUFNtRFlzck1KNHlPbWRZcDdMdHB1NWdhQ1BPN0toV255eTdGbnA1SDY4RzVySnRqQm5HS2lJZ3dTbHNmOUxnCkZIS0psYTlIWGlyeEJBM3g3Wk4vYjl5Z0NLdndMWDU3M2lpNW5QVHdIcldxNDFLT1dGYkFKZG9qWGRiYlBYMUcKZFUzNmdINDdJR3pvaFlRdHBldTh5VXVsV21QNFZRVnR4eVBOaW5TVFYvY0g1NzFONlNZbDRzb3JaUDdXTko3YwpzUi95UWJWZDZUVDhHZ0NzNDk1UTk1SzN0UUxpNlBWZ2xnQ0hFbEVJVWdwU1h4MCtKUUlEQVFBQm9JSGJNSUhZCkJna3Foa2lHOXcwQkNRNHhnY293Z2Njd2djUUdBMVVkRVFTQnZEQ0J1WUlJY21WbmFYTjBjbm1DRW5KbFoybHoKZEhKNUxtTnZibVpzZFdWdWRJSVdjbVZuYVhOMGNua3VZMjl1Wm14MVpXNTBMbk4yWTRJa2NtVm5hWE4wY25rdQpZMjl1Wm14MVpXNTBMbk4yWXk1amJIVnpkR1Z5TG14dlkyRnNnaFFxTG5KbFoybHpkSEo1TG1OdmJtWnNkV1Z1CmRJSW1LaTV5WldkcGMzUnllUzVqYjI1bWJIVmxiblF1YzNaakxtTnNkWE4wWlhJdWJHOWpZV3lDSFNvdVkyOXUKWm14MVpXNTBMbk4yWXk1amJIVnpkR1Z5TG14dlkyRnNNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJQSE9xZwpZNUhUSDVIamx5SFhxa2I5UEVWUEllVHFOSWdLYkZOdWVQcVpKKzcvUEFkNmUyUS9ERlRHQ3Zmb3BUcWNoYVBtCmo2YzY0V0pqQlAySVM2U1B3MVRnQ0hqVmVmU2UrUzdFUUhaS3ZwS1NucWVFaEhkcGRQdVJ2RDc5aEVqbDFQNFEKQTJyVk1pTzkzdmVWS2JYWVpOUENlNDFsRmVWaHdveFNuQWNHYmdJeXVPOW1KZEZLVjV3czR3eEdKOHhrTE1waAp2bUNkcG9BNllVbjE4aVMrd2o2aTA1enBVbXh5aFhXS3IzMjhOdjBGQUozQUlqaVo2TlJucEpUU2piVkFuNHVDCkRJeGxDa2F4V3NwSXhwUk9HWWFiV0JZblJOTzNFTDdKcGg4R3U5alE1SHF3ZStFYUV6K2gvYWtqZ0w5UHJzNGMKa1AraGV0R1c1VjVXSnVxdgotLS0tLUVORCBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0K - jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk - keystore.jks: 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 - tls.crt: 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 - tls.key: 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 - truststore.jks: 
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 ---- -apiVersion: v1 -kind: Secret -metadata: - name: rest-sslcerts -type: kubernetes.io/tls -data: - ca.crt: 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 - csr.pem: 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 - jksPassword.txt: amtzUGFzc3dvcmQ9Y2hhbmdlaXQKCg== - keystore.jks: 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 - tls.crt: 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 - tls.key: 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 - truststore.jks: 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 ---- -apiVersion: v1 -kind: Secret -metadata: - name: zookeeper-generated-jks -type: kubernetes.io/tls -data: - ca.crt: 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 - csr.pem: 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 - jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk - keystore.jks: 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 - tls.crt: 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 - tls.key: 
LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRREk3eFYwaCtPVzNVS0UKcFVkNnN4M1NmVzJkbUhqVG5zVjIreVlHL2N4L3ZTRGp4NHRSUEFaSlZSaEVDUGYraENES3hBb3Z2bVhZeWpDYgpESENweVpOQUxIbkVxWGhGbWlobXRlQ3k5bFBPbk40dzZjSlovU0N4R1lNUGR3MktZbTNEYVFKWnB3RVhqWGU0CllWdDd2b3Z1WlNnUlRvRnBrOEY4WlNqUFJXdnozcFdtTEZWakdJcEZSWjNFT3ZPMmMxYytvODhwYUk3Z2RxZnEKNTdiN1ZSK2cyUlFwVTh4cFhKU0NheExST0xqTnBncHFBQ1hrRDhRbEpWWDJ4WnZ4V2lFWlVjcWdQR0JUemw5VQpZbDcwYmJxYXAxN2NjV1RJUjJRNnpIL2FZb3VDZjRud0M3Uk52M1Q3OHhHNjAvVXQrcnhDY3lXaEVDLzRtbGVPCkEwOG12YTZWQWdNQkFBRUNnZ0VBYWh3ZjkyNy9tQjcyVHJnOW5DVlUzV0NSYjRVaVlaYlo3ckJJYjY2OXZNTnkKeC9jTHNuV0JXRjZRdHZVSmlhWGE3MWxCaTk3L1I5SFdnenE1a0dBNzI4cmc3eU1UdWFYa0tnRm9UUG5hWGlUbgpEV3VVMEJMbG5jQzhQb0YvYkJINHB4WWdRSm41OEtjcmp2b1M1ckZFa2p0blFtUno0UDQvVW1MVmYwZkk3M292ClkrUll3UCtXVjhXcHBlbjdETk00VE41T2dsVTZQUVNpcDhhRXdHWUxjZS9BTVV4TnhrWjZsVmtFZ2NLaStWdXYKTTI4YUZiV1A0bk5zWjEwQnIvZTVYSHluakV6MkxtZ1J3RGdYMTloUy9VYWc3KzFqTGwrNjMzZGhNTkR1U0lQZApOdm9rNlVSWGZPbVh2dnpBd1dvWnU1b3krSUtGL3pJSVNQNVdCT0xGb1FLQmdRRGNFT3JMUWw5UUIyZkxJYldCCjRhUU90Y0w3U3hRRGpPRGxPeHFCbjJIUzlFbFV2T1NjNklPVmp3WUlscmRBemh2VFM3d2FERExpbFQ5QzhKSngKRUdxV3IxNCt2bkZSbGdZYkgrU09kOGxOczFETklTMHFyZ1FPNlo2NjcvUW5JMjUwLzhsWitNVGFNMEk5YThhaQp5T2JtSjBRZzQwUDVpT3RCYjlVaFlRMVUyUUtCZ1FEcHZtb1hrNXBDOEJLelJJUTlQWm1RNUFUQ1VYai8yeE5ICi81VmZZYmJQQSt6U2ZoS0NUcnRNWGtMTStlMzMvcHBmbWNiL1c4M2wzOW1Kb01Vd2tTdnk2bjZ5YjJHYWdOL0wKZkRTc1ZxNFlLdUhiN1FmVWp6ZGtqNHBVVTJabkZTMkVmaDFhc3VHR0F2TEN0dklMUGh5UVNmS1BLMlRyRmY3OQo1STNFNDhCaUhRS0JnUUNmS2YwbmxaR3FLREVCMGhlZElMMnZoZmJJR2IwWDlFU1VodkxjM1pHN0tjUC83YjdMClhjQU40NnZSZW5DQUJwSkplSFZMd1pic0dsWHU3R0IrTmdsaGd1VC9MRzU1TzdDZTNhcEpBSW93RUlsWVU2NS8KTit6bmZFQzVvK05LaTIzUVlWQVlLcnoxdEMwc2owN1RYY3JpbTNQQzlaeXNWa01ReVBtMWNxUlp3UUtCZ0VWUgpGWTgyVTNua1RmZGhxMEdxQWQ5bzcweGM4dUFWTEt1ZVRNTERiSDRKc1BKZk5zZno1ekZuaHJIWXNFeHA4WWZHClI3QTBubU84Tlh2TjlJeEprTm54MW02OS94amRmUUNRTGVLcHRla3UxbG5zK2ZSOElEWXZKeHVJdkFaM3prN0wKUTVOQkZ3WXgyNklJdE5ER3M1dktnaWNZL0UyRzhWNkRwOU1xbzBPMUFv
R0FKUEU1M0t0NnFDazhJT1BhYkN2ZwpHVHJXbGMvOVN4b3prb1NyMzZIc3JaZHcva2wvRHhMc0tnL0JsK0swb3NVMy9oZTl0N2tRUWFxTVNqWUp5WG1oCndvOUFjMnpWcHR4SzZtWStaNklmQ3ord21kVW1VVSt3cnNIbFoyWlNxaVdUMHZ4Ujl0a1d0eHVUWTZTZHk3NGsKMlJ5UmdNVHo0UC9FV2pzRkVubnJDMDg9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K - truststore.jks: /u3+7QAAAAIAAAABAAAAAgACY2EAAAF5EqeFjwAEWDUwOQAABQwwggUIMIIC8AIJAMApNakQCIjFMA0GCSqGSIb3DQEBCwUAMEYxCzAJBgNVBAYTAkNIMQ4wDAYDVQQKDAVEdWZyeTEVMBMGA1UECwwMSW5zaWdodHMgUE9DMRAwDgYDVQQDDAdSb290IENBMB4XDTIxMDQxOTIxMTU1MloXDTI0MDIwNzIxMTU1MlowRjELMAkGA1UEBhMCQ0gxDjAMBgNVBAoMBUR1ZnJ5MRUwEwYDVQQLDAxJbnNpZ2h0cyBQT0MxEDAOBgNVBAMMB1Jvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6yUJleNKZVlBwmcLVkZdJkamPEYny2umK4XpjYeBpaS0+w/e4TcZXOO+0AmfPvRylvik5kQre7db425AvD5eUOLlcfIO5JwsjIa/UnViZ5JFUBDiMJeEGKo1CrL7VhoAmmXYiewrUXCVaILhmgfB/IGxXrk8fy+IDYdys8FqEtKxwGBgniQykEWNdzp4TJlYU7p5g3/cZvwqZPdWGAF0PF+uVeuknAOMC5ZZZpnWDGw1t7h3YExdFyMAbBPM5u0GoQKupso23MpUs2QKjlU7ZJ0haaL3H2gP56mm4868yiuc13fZvwpbE8u5w/VlyGGtzAY5ZJgSSE2ssOGlf60pQUzh3oQZ0S/jIDiAjHgk3gy8FrqiczkdSZcaa+vQ6QGduyL9mTvtz+OYOQvnef+MbVXkFHeQue3TiHjGHKIrohM2Y1Hkc1J2XOEpP+p2d6ohigBUhC8cL/BQDcH4He66uG2v1rpwti/Jr1YEA0mBAMtxJcNrrMGW9o/Pte1E5owqRjhToUKfSvtrXavXngJhbCPGRg3ivt5vHD3CBVrQaREWwwZURn+8KIHircse+0C7iZFgFvWysxnXl9ROfQNCflEvrkXBOm3UFF+JQeFe41ZEPN2rKhFyKE/blhNY9zJbgBkYWy1MJkegr+xJLr78TvNWW+3dkqunJeE00jdAbewIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQB46hXABcCSj5cN1F4+i6810dEYU0Srrsf/QX3IIKazl3uIxbVfl1rfu6Rh7dMJYxgU/onYcYF1svwhmmeujizYg8fYTPRWBpj3k3qIGRkR0KU+yEYpyuUSSB4IDmAD4grbymX05cm1/ZTgMYvQsAYO6fzv7A8u4NFWSnhJ0TNVgZHHLljQiK6hiKnOmPUAnsT2De6XAaRae3Y2n/ulo3ACYQPeD8gch3LDd/JVscmA+OwWxGe4smCHAqz3lY/3Z9qAlie6iPpFOjhujrPrPXBi9DPLPFPWamBOGbQXKpI57K4n5/61y0ludzpp8y16WgMokF8A80M3ty5DxqBqPtFyqQoqd0486rFn8bpPKpHUwNCDmYGVtZXt6OgEBDCGejqvx81F6NVWaQRnsX4EsZJYnbE8bAZwQe6gO+0CNKhWWsQtJFWM4pQwXCJP2DtYCuV2RdZhnDufN+J++jcqEuNiY5ZkqHOTj7w2fJqyUjmMJN6/TAEQEnlfCPyZ7z/Ercy79VCPMgY7lsdNxN9c4Jlx1BNAjrl8DzIOJ1btk/YOfjIyTiasiMbG7eqP11rEqG+8IA6FvHJNl8JtyLVtYRTmhyFO7tywFfgyViWFinOK2
x/Kd3IVov1aNfy6njL3Q/E47dIKW3SWW1/L81ccJlmPnpyYqnoVy1yU+iKm1MhGonq6PS2Q0EZUlgvokUMUzxA3ONO3 ---- \ No newline at end of file diff --git a/kustomize/base/confluent-suite/zookeeper/kustomization.yaml b/kustomize/base/confluent-suite/zookeeper/kustomization.yaml deleted file mode 100644 index 672d237..0000000 --- a/kustomize/base/confluent-suite/zookeeper/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - certificates.yaml - - zookeeper.yaml \ No newline at end of file diff --git a/kustomize/base/confluent-suite/zookeeper/zookeeper.yaml b/kustomize/base/confluent-suite/zookeeper/zookeeper.yaml deleted file mode 100644 index fbe052f..0000000 --- a/kustomize/base/confluent-suite/zookeeper/zookeeper.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: Zookeeper -metadata: - name: zookeeper -spec: - replicas: 3 - image: - application: confluentinc/cp-zookeeper-operator:6.1.1.0 - init: confluentinc/cp-init-container-operator:6.1.1.0 - dataVolumeCapacity: 10Gi - logVolumeCapacity: 10Gi - authentication: - type: digest - jaasConfig: - secretRef: credential - tls: - autoGeneratedCerts: true \ No newline at end of file diff --git a/kustomize/base/confluent/control-centre.yaml b/kustomize/base/confluent/control-centre.yaml index 019eebc..d708c6a 100644 --- a/kustomize/base/confluent/control-centre.yaml +++ b/kustomize/base/confluent/control-centre.yaml @@ -1,4 +1,3 @@ ---- apiVersion: platform.confluent.io/v1beta1 kind: ControlCenter metadata: @@ -42,4 +41,3 @@ spec: secretRef: c3-mds-client tls: enabled: true ---- diff --git a/kustomize/base/confluent/kafka-connect.yaml b/kustomize/base/confluent/kafka-connect.yaml index 4461f2a..1d9ee05 100644 --- a/kustomize/base/confluent/kafka-connect.yaml +++ b/kustomize/base/confluent/kafka-connect.yaml @@ -1,4 +1,3 @@ ---- apiVersion: platform.confluent.io/v1beta1 kind: Connect metadata: 
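Review bot: The Secret manifests deleted at the start of this stretch (`kafka-generated-jks`, `ksqldb-generated-jks`, `registry-generated-jks`, `rest-sslcerts`, `zookeeper-generated-jks`) carried `tls.key`, `keystore.jks` and `jksPassword.txt` as plain base64 under `data:`, and deleting the file does not take them out of Git history. Treat every private key, keystore and store password in those entries as disclosed: reissue the certificates with fresh key pairs, change the JKS passwords, and state in the commit message that rotation is required so anyone who deployed from an earlier revision knows to do it. The replacement secrets should be provisioned outside the repository or committed only in encrypted form.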
diff --git a/kustomize/base/confluent/kafka.yaml b/kustomize/base/confluent/kafka.yaml index 013f0e5..acc4591 100644 --- a/kustomize/base/confluent/kafka.yaml +++ b/kustomize/base/confluent/kafka.yaml @@ -1,4 +1,3 @@ ---- apiVersion: platform.confluent.io/v1beta1 kind: Kafka metadata: diff --git a/kustomize/base/confluent/ksqldb.yaml b/kustomize/base/confluent/ksqldb.yaml index 4b8cf30..a7cd82a 100644 --- a/kustomize/base/confluent/ksqldb.yaml +++ b/kustomize/base/confluent/ksqldb.yaml @@ -1,4 +1,3 @@ ---- apiVersion: platform.confluent.io/v1beta1 kind: KsqlDB metadata: diff --git a/kustomize/base/confluent/kustomization.yaml b/kustomize/base/confluent/kustomization.yaml index 58aea4c..a89f32d 100644 --- a/kustomize/base/confluent/kustomization.yaml +++ b/kustomize/base/confluent/kustomization.yaml @@ -1,11 +1,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - certificates.yaml - zookeeper.yaml - kafka.yaml - kafka-connect.yaml - schema-registry.yaml - control-centre.yaml - - rest-proxy.yaml - - ksqldb.yaml \ No newline at end of file + - ksqldb.yaml +# - rest-proxy.yaml \ No newline at end of file diff --git a/kustomize/base/confluent/rest-proxy.yaml b/kustomize/base/confluent/rest-proxy.yaml index 2ac0205..b348776 100644 --- a/kustomize/base/confluent/rest-proxy.yaml +++ b/kustomize/base/confluent/rest-proxy.yaml @@ -1,4 +1,3 @@ ---- apiVersion: apps/v1 kind: StatefulSet metadata: diff --git a/kustomize/base/confluent/schema-registry.yaml b/kustomize/base/confluent/schema-registry.yaml index 89f7ab2..d542db7 100644 --- a/kustomize/base/confluent/schema-registry.yaml +++ b/kustomize/base/confluent/schema-registry.yaml @@ -31,11 +31,3 @@ spec: secretRef: sr-mds-client tls: enabled: true -# configOverrides: -# server: -# - leader.eligibility=true -# - inter.instance.protocol=https -# # operator changes the defaults -# - schema.registry.group.id=schema-registry -# - kafkastore.topic=_schemas ---- \ No newline at end of file 
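Review bot: In the `kustomize/base/confluent/kustomization.yaml` hunk, `+# - rest-proxy.yaml` leaves a disabled resource in the list with no explanation, while `rest-proxy.yaml` itself is still edited in this same commit. A `rest-sslcerts` Secret is among the manifests deleted earlier in the commit; if that is why the REST proxy is switched off, say so in a comment next to the entry, or remove the entry and the manifest together. The new last line of the file also still has no trailing newline.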
diff --git a/kustomize/base/confluent/zookeeper.yaml b/kustomize/base/confluent/zookeeper.yaml index fbe052f..8257410 100644 --- a/kustomize/base/confluent/zookeeper.yaml +++ b/kustomize/base/confluent/zookeeper.yaml @@ -15,4 +15,4 @@ spec: jaasConfig: secretRef: credential tls: - autoGeneratedCerts: true \ No newline at end of file + autoGeneratedCerts: true diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml index f984546..731dc8c 100644 --- a/kustomize/base/kustomization.yaml +++ b/kustomize/base/kustomization.yaml @@ -4,3 +4,4 @@ resources: - secrets - confluent - rolebindings + - topics diff --git a/kustomize/base/confluent-suite/rolebindings/ldap/kustomization.yaml b/kustomize/base/topics/kustomization.yaml similarity index 78% rename from kustomize/base/confluent-suite/rolebindings/ldap/kustomization.yaml rename to kustomize/base/topics/kustomization.yaml index c860fd8..e52d7e8 100644 --- a/kustomize/base/confluent-suite/rolebindings/ldap/kustomization.yaml +++ b/kustomize/base/topics/kustomization.yaml @@ -1,5 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - groups - - users \ No newline at end of file + - foobar.yaml diff --git a/kustomize/base/topics/topic2.yaml b/kustomize/base/topics/topic2.yaml deleted file mode 100644 index 782dd6d..0000000 --- a/kustomize/base/topics/topic2.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: KafkaTopic -metadata: - name: topic-rbac -spec: - replicas: 1 - partitionCount: 12 \ No newline at end of file diff --git a/kustomize/environments/dev/kustomization.yaml b/kustomize/environments/dev/kustomization.yaml index 21fdde4..370dc91 100644 --- a/kustomize/environments/dev/kustomization.yaml +++ b/kustomize/environments/dev/kustomization.yaml @@ -1,6 +1,5 @@ namespace: dev resources: -- namespace.yaml - ../../base patchesStrategicMerge: - control-centre.yaml 
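Review bot: In `kustomize/environments/dev/kustomization.yaml`, `- namespace.yaml` is dropped from `resources` while `namespace: dev` stays, so the overlay now assigns every resource to a namespace that nothing in it creates. Applying this to a cluster without a `dev` namespace will fail. Document where the namespace is created now (the README or a comment in this file), or keep the manifest. The production overlay makes the same change and needs the same note.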
diff --git a/kustomize/environments/dev/namespace.yaml b/kustomize/environments/dev/namespace.yaml deleted file mode 100644 index e3472ba..0000000 --- a/kustomize/environments/dev/namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: dev \ No newline at end of file diff --git a/kustomize/environments/kustomization.yaml b/kustomize/environments/kustomization.yaml index 88bc450..f847377 100644 --- a/kustomize/environments/kustomization.yaml +++ b/kustomize/environments/kustomization.yaml @@ -1,4 +1,3 @@ resources: - dev -- staging - production diff --git a/kustomize/environments/production/control-centre.yaml b/kustomize/environments/production/control-centre.yaml index 3bb0125..a67a214 100644 --- a/kustomize/environments/production/control-centre.yaml +++ b/kustomize/environments/production/control-centre.yaml @@ -4,6 +4,8 @@ kind: ControlCenter metadata: name: controlcenter spec: + tls: + secretRef: tls-group1 dependencies: kafka: bootstrapEndpoint: kafka.production.svc.cluster.local:9071 diff --git a/kustomize/environments/production/kafka-connect.yaml b/kustomize/environments/production/kafka-connect.yaml index 610d3a5..40bc5ac 100644 --- a/kustomize/environments/production/kafka-connect.yaml +++ b/kustomize/environments/production/kafka-connect.yaml @@ -4,6 +4,8 @@ kind: Connect metadata: name: connect spec: + tls: + secretRef: tls-group1 dependencies: kafka: bootstrapEndpoint: kafka.production.svc.cluster.local:9071 diff --git a/kustomize/environments/production/kafka.yaml b/kustomize/environments/production/kafka.yaml index 9b4e762..94684b0 100644 --- a/kustomize/environments/production/kafka.yaml +++ b/kustomize/environments/production/kafka.yaml @@ -4,6 +4,8 @@ kind: Kafka metadata: name: kafka spec: + tls: + secretRef: tls-group1 dependencies: zookeeper: endpoint: zookeeper.production.svc.cluster.local:2182 
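Review bot: The production patches for `ControlCenter`, `Connect` and `Kafka` now set `spec.tls.secretRef: tls-group1`, but no visible hunk creates a Secret with that name, and the base `zookeeper.yaml` keeps `autoGeneratedCerts: true`. Add a note on how `tls-group1` is provisioned without committing key material, which is what the deleted Secret manifests did. Also confirm that Kafka can still validate the ZooKeeper certificate at `zookeeper.production.svc.cluster.local:2182` when the two components take their certificates from different sources.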
diff --git a/kustomize/environments/production/ksqldb.yaml b/kustomize/environments/production/ksqldb.yaml index cbad49d..d80f4cb 100644 --- a/kustomize/environments/production/ksqldb.yaml +++ b/kustomize/environments/production/ksqldb.yaml @@ -4,6 +4,8 @@ kind: KsqlDB metadata: name: ksqldb spec: + tls: + secretRef: tls-group1 dependencies: kafka: bootstrapEndpoint: kafka.production.svc.cluster.local:9071 diff --git a/kustomize/environments/production/kustomization.yaml b/kustomize/environments/production/kustomization.yaml index 3e21d5c..f934a76 100644 --- a/kustomize/environments/production/kustomization.yaml +++ b/kustomize/environments/production/kustomization.yaml @@ -1,6 +1,5 @@ namespace: production resources: -- namespace.yaml - ../../base patchesStrategicMerge: - control-centre.yaml diff --git a/kustomize/environments/production/namespace.yaml b/kustomize/environments/production/namespace.yaml deleted file mode 100644 index 9b8854c..0000000 --- a/kustomize/environments/production/namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: production \ No newline at end of file diff --git a/kustomize/environments/production/schema-registry.yaml b/kustomize/environments/production/schema-registry.yaml index 4435b13..0264051 100644 --- a/kustomize/environments/production/schema-registry.yaml +++ b/kustomize/environments/production/schema-registry.yaml @@ -4,6 +4,8 @@ kind: SchemaRegistry metadata: name: registry spec: + tls: + secretRef: tls-group1 dependencies: kafka: bootstrapEndpoint: kafka.production.svc.cluster.local:9071 diff --git a/kustomize/environments/staging/control-centre.yaml b/kustomize/environments/staging/control-centre.yaml deleted file mode 100644 index 1a071ef..0000000 --- a/kustomize/environments/staging/control-centre.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ControlCenter -metadata: - name: controlcenter -spec: - dependencies: - kafka: - bootstrapEndpoint: kafka.staging.svc.cluster.local:9071 - mds: - endpoint: https://kafka.staging.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/staging/kafka-connect.yaml b/kustomize/environments/staging/kafka-connect.yaml deleted file mode 100644 index 703ffb3..0000000 --- a/kustomize/environments/staging/kafka-connect.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: Connect -metadata: - name: connect -spec: - dependencies: - kafka: - bootstrapEndpoint: kafka.staging.svc.cluster.local:9071 - mds: - endpoint: https://kafka.staging.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/staging/kafka.yaml b/kustomize/environments/staging/kafka.yaml deleted file mode 100644 index 2c2c250..0000000 --- a/kustomize/environments/staging/kafka.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: Kafka -metadata: - name: kafka -spec: - dependencies: - zookeeper: - endpoint: zookeeper.staging.svc.cluster.local:2182 - metricReporter: - bootstrapEndpoint: kafka.staging.svc.cluster.local:9071 diff --git a/kustomize/environments/staging/ksqldb.yaml b/kustomize/environments/staging/ksqldb.yaml deleted file mode 100644 index 4277f5d..0000000 --- a/kustomize/environments/staging/ksqldb.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: KsqlDB -metadata: - name: ksqldb -spec: - dependencies: - kafka: - bootstrapEndpoint: kafka.staging.svc.cluster.local:9071 - mds: - endpoint: https://kafka.staging.svc.cluster.local:8090 diff --git a/kustomize/environments/staging/kustomization.yaml b/kustomize/environments/staging/kustomization.yaml deleted file mode 100644 index 1ccf259..0000000 
--- a/kustomize/environments/staging/kustomization.yaml +++ /dev/null @@ -1,12 +0,0 @@ -namespace: staging -resources: -- namespace.yaml -- ../../base -patchesStrategicMerge: - - control-centre.yaml - - kafka.yaml - - kafka-connect.yaml - - ksqldb.yaml - - schema-registry.yaml - - diff --git a/kustomize/environments/staging/namespace.yaml b/kustomize/environments/staging/namespace.yaml deleted file mode 100644 index c6212de..0000000 --- a/kustomize/environments/staging/namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: staging \ No newline at end of file diff --git a/kustomize/environments/staging/schema-registry.yaml b/kustomize/environments/staging/schema-registry.yaml deleted file mode 100644 index 090e01e..0000000 --- a/kustomize/environments/staging/schema-registry.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: SchemaRegistry -metadata: - name: registry -spec: - dependencies: - kafka: - bootstrapEndpoint: kafka.staging.svc.cluster.local:9071 - mds: - endpoint: https://kafka.staging.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/infrastructure/confluent-operator-helm-release-staging.yaml b/kustomize/infrastructure/confluent-operator-helm-release-staging.yaml deleted file mode 100644 index 9f3302c..0000000 --- a/kustomize/infrastructure/confluent-operator-helm-release-staging.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: confluent - namespace: staging -spec: - interval: 1m - chart: - spec: - chart: confluent-for-kubernetes - sourceRef: - kind: HelmRepository - name: confluent-private - namespace: flux-system - values: - image: - registry: docker.io \ No newline at end of file diff --git a/kustomize/infrastructure/kustomization.yaml b/kustomize/infrastructure/kustomization.yaml index 4f8b62d..1224293 100644 --- a/kustomize/infrastructure/kustomization.yaml 
+++ b/kustomize/infrastructure/kustomization.yaml @@ -6,5 +6,4 @@ resources: - ldap.yaml - confluent-operator-credentials.yaml - confluent-operator-helm-release-dev.yaml - - confluent-operator-helm-release-staging.yaml - - confluent-operator-helm-release-production.yaml + - confluent-operator-helm-release-production.yaml \ No newline at end of file diff --git a/kustomize/infrastructure/namespaces.yaml b/kustomize/infrastructure/namespaces.yaml index acdfcd1..b2edc54 100644 --- a/kustomize/infrastructure/namespaces.yaml +++ b/kustomize/infrastructure/namespaces.yaml @@ -16,4 +16,9 @@ metadata: apiVersion: v1 kind: Namespace metadata: - name: production \ No newline at end of file + name: production +--- +apiVersion: v1 +kind: Namespace +metadata: + name: confluent \ No newline at end of file diff --git a/resources/certificates/base-ca-config.json b/resources/certificates/base-ca-config.json new file mode 100644 index 0000000..9c9f5ac --- /dev/null +++ b/resources/certificates/base-ca-config.json @@ -0,0 +1,26 @@ +{ + "signing": { + "default": { + "expiry": "43800h" + }, + "profiles": { + "server": { + "expiry": "43800h", + "usages": [ + "signing", + "key encipherment", + "server auth", + "client auth" + ] + }, + "client": { + "expiry": "43800h", + "usages": [ + "signing", + "key encipherment", + "client auth" + ] + } + } + } +} diff --git a/resources/certificates/base-ca-csr.json b/resources/certificates/base-ca-csr.json new file mode 100644 index 0000000..d1eec56 --- /dev/null +++ b/resources/certificates/base-ca-csr.json @@ -0,0 +1,16 @@ +{ + "CN": "TestCA", + "key": { + "algo": "rsa", + "size": 2048 + }, + "names": [ + { + "C": "Universe", + "L": "Earth", + "O": "Acme", + "ST": "Pangea", + "OU": "MyOrg" + } + ] +} diff --git a/resources/certificates/base-server-domain.json b/resources/certificates/base-server-domain.json new file mode 100644 index 0000000..b804d2f --- /dev/null +++ b/resources/certificates/base-server-domain.json 
@@ -0,0 +1,19 @@ +{ + "CN": "*.svc.cluster.local", + "hosts": [ + "*.production.svc.cluster.local", + "*.zookeeper.production.svc.cluster.local", + "*.kafka.production.svc.cluster.local" + ], + "key": { + "algo": "rsa", + "size": 2048 + }, + "names": [ + { + "C": "Universe", + "ST": "Pangea", + "L": "Earth" + } + ] +} diff --git a/resources/certificates/generate_certificate.sh b/resources/certificates/generate_certificate.sh new file mode 100755 index 0000000..ef5ccaf --- /dev/null +++ b/resources/certificates/generate_certificate.sh @@ -0,0 +1,26 @@ +#!/bin/bash +cfssl gencert -initca base-ca-csr.json | cfssljson -bare ./sensitive-ca - +# Verify with this: +#openssl x509 -in sensitive-ca.pem -text -noout +cfssl gencert -ca=./sensitive-ca.pem -ca-key=./sensitive-ca-key.pem -config=./base-ca-config.json -profile=server base-server-domain.json | cfssljson -bare sensitive-server +# Verify with this: +#openssl x509 -in sensitive-server.pem -text -noout + +kubectl create namespace production +kubectl create namespace dev +kubectl create secret -n production generic tls-group1 \ + --dry-run=client \ + --from-file=fullchain.pem=./sensitive-server.pem \ + --from-file=cacerts.pem=./sensitive-ca.pem \ + --from-file=privkey.pem=./sensitive-server-key.pem -o yaml | kubectl apply -f - +kubectl create secret -n production tls ca-pair-sslcerts \ +--dry-run=client \ +--cert=sensitive-ca.pem \ +--key=sensitive-ca-key.pem -o yaml | kubectl apply -f - +kubectl create secret -n dev tls ca-pair-sslcerts \ +--dry-run=client \ +--cert=./sensitive-ca.pem \ +--key=./sensitive-ca-key.pem -o yaml | kubectl apply -f - + +md5sum sensitive-ca.pem +md5sum sensitive-server.pem \ No newline at end of file diff --git a/resources/certificates/replace_certificate.sh b/resources/certificates/replace_certificate.sh new file mode 100755 index 0000000..8e1a0fd --- /dev/null +++ b/resources/certificates/replace_certificate.sh 
@@ -0,0 +1,25 @@ +#!/bin/bash +cfssl gencert -initca base-ca-csr.json | cfssljson -bare ./sensitive-ca - +# Verify with this: +#openssl x509 -in sensitive-ca.pem -text -noout +cfssl gencert -ca=./sensitive-ca.pem -ca-key=./sensitive-ca-key.pem -config=./base-ca-config.json -profile=server base-server-domain.json | cfssljson -bare sensitive-server +# Verify with this: +#openssl x509 -in sensitive-server.pem -text -noout + +kubectl create secret -n production generic tls-group1 \ + --dry-run=client \ + --from-file=fullchain.pem=./sensitive-server.pem \ + --from-file=cacerts.pem=./sensitive-ca.pem \ + --from-file=privkey.pem=./sensitive-server-key.pem -o yaml | kubectl replace -f - +kubectl create secret -n production tls ca-pair-sslcerts \ +--dry-run=client \ +--cert=sensitive-ca.pem \ +--key=sensitive-ca-key.pem -o yaml | kubectl replace -f - + +kubectl create secret -n dev tls ca-pair-sslcerts \ +--dry-run=client \ +--cert=./sensitive-ca.pem \ +--key=./sensitive-ca-key.pem -o yaml | kubectl replace -f - + +md5sum sensitive-ca.pem +md5sum sensitive-server.pem \ No newline at end of file From ab0b54b03092d14db324557e03bdf7db4607c4af Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Fri, 21 May 2021 10:16:12 +0100 Subject: [PATCH 06/11] Commiting working topic creation --- .../topics/{foobar.yaml => example-topic.yaml} | 0 .../environments/production/example-topic.yaml | 14 ++++++++++++++ .../environments/production/kustomization.yaml | 1 + 3 files changed, 15 insertions(+) rename kustomize/base/topics/{foobar.yaml => example-topic.yaml} (100%) create mode 100644 kustomize/environments/production/example-topic.yaml diff --git a/kustomize/base/topics/foobar.yaml b/kustomize/base/topics/example-topic.yaml similarity index 100% rename from kustomize/base/topics/foobar.yaml rename to kustomize/base/topics/example-topic.yaml 
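Review bot: in `resources/certificates/base-ca-config.json` the `server` and `client` profiles both set `"expiry": "43800h"`, which gives leaf certificates the same five-year lifetime as the signing default, and the `server` profile also carries `client auth`. With `replace_certificate.sh` available for rotation, a much shorter leaf expiry would limit the exposure of a leaked `privkey.pem`; drop `client auth` from the server profile unless the components really present this certificate as a client.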
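Review bot: `resources/certificates/generate_certificate.sh` installs the same `sensitive-ca-key.pem` as `ca-pair-sslcerts` in both `dev` and `production`, and production's `tls-group1` trusts that CA through `cacerts.pem`, so anyone who can read secrets in `dev` can issue certificates that production accepts. Use a separate CA per environment. The script also lacks `set -euo pipefail`, so a failed `cfssl gencert` still falls through to the `kubectl apply` steps, `kubectl create namespace` errors on a second run, and the closing `md5sum` lines would be better as `sha256sum` if the output is meant as a fingerprint.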
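Review bot: `resources/certificates/replace_certificate.sh` opens with `cfssl gencert -initca base-ca-csr.json`, so every rotation mints a brand-new CA and overwrites `sensitive-ca.pem` and its key instead of reissuing the server certificate from the existing CA. Anything still holding a certificate or trust bundle from the previous CA stops validating as soon as the `kubectl replace` lands. Separate CA creation from leaf rotation, and since the rest of the file is a copy of `generate_certificate.sh` with `apply` changed to `replace`, take the verb as an argument to one script.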
diff --git a/kustomize/environments/production/example-topic.yaml b/kustomize/environments/production/example-topic.yaml new file mode 100644 index 0000000..e7460c7 --- /dev/null +++ b/kustomize/environments/production/example-topic.yaml @@ -0,0 +1,14 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaTopic +metadata: + name: foobar +spec: + kafkaClusterRef: + name: kafka + namespace: production + kafkaRest: + authentication: + type: bearer + bearer: + secretRef: mds-client + endpoint: https://kafka.production.svc.cluster.local:8090 diff --git a/kustomize/environments/production/kustomization.yaml b/kustomize/environments/production/kustomization.yaml index f934a76..c91af77 100644 --- a/kustomize/environments/production/kustomization.yaml +++ b/kustomize/environments/production/kustomization.yaml @@ -7,3 +7,4 @@ patchesStrategicMerge: - kafka-connect.yaml - ksqldb.yaml - schema-registry.yaml + - example-topic.yaml From c17af48ebcc4fb4b970e31b674b5c99b0868fa98 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Fri, 21 May 2021 11:27:25 +0100 Subject: [PATCH 07/11] adding ca-pair secret to base as it's required --- kustomize/base/secrets/ca-pair.yaml | 8 ++++++++ kustomize/base/secrets/kustomization.yaml | 1 + kustomize/base/topics/example-topic.yaml | 2 +- kustomize/base/topics/kustomization.yaml | 2 +- 4 files changed, 11 insertions(+), 2 deletions(-) create mode 100644 kustomize/base/secrets/ca-pair.yaml diff --git a/kustomize/base/secrets/ca-pair.yaml b/kustomize/base/secrets/ca-pair.yaml new file mode 100644 index 0000000..f13fa06 --- /dev/null +++ b/kustomize/base/secrets/ca-pair.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + tls.crt: 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 + tls.key: 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 +kind: Secret +metadata: + name: ca-pair-sslcerts +type: kubernetes.io/tls diff --git a/kustomize/base/secrets/kustomization.yaml b/kustomize/base/secrets/kustomization.yaml index 5471250..43da054 100644 
--- a/kustomize/base/secrets/kustomization.yaml +++ b/kustomize/base/secrets/kustomization.yaml @@ -1,6 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - ca-pair.yaml - c3-mds-client.yaml - connect-mds-client.yaml - credential.yaml diff --git a/kustomize/base/topics/example-topic.yaml b/kustomize/base/topics/example-topic.yaml index b1a752d..6e62221 100644 --- a/kustomize/base/topics/example-topic.yaml +++ b/kustomize/base/topics/example-topic.yaml @@ -4,4 +4,4 @@ metadata: name: foobar spec: replicas: 1 - partitionCount: 12 + partitionCount: 6 diff --git a/kustomize/base/topics/kustomization.yaml b/kustomize/base/topics/kustomization.yaml index e52d7e8..dc31c2e 100644 --- a/kustomize/base/topics/kustomization.yaml +++ b/kustomize/base/topics/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - foobar.yaml + - example-topic.yaml From 57235ed19ba7525395d2168f82242b3a3a9fbfe0 Mon Sep 17 00:00:00 2001 
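Review bot: `kustomize/base/secrets/ca-pair.yaml` adds a `kubernetes.io/tls` Secret with `tls.key` under `data`, which places the CA private key in Git history as base64 rather than encrypted, and because the file is listed in `base/secrets/kustomization.yaml` every overlay inherits the same key. It also duplicates the `ca-pair-sslcerts` secret that `generate_certificate.sh` creates, leaving two competing sources for it. Commit it only in encrypted form (Flux can decrypt SOPS-encrypted secrets at apply time) or keep it out of the repository, and treat the key pushed here as needing rotation.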
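Review bot: in `kustomize/base/topics/example-topic.yaml` the change from `partitionCount: 12` to `partitionCount: 6` cannot be applied to a topic that already exists, because Kafka does not support reducing a topic's partition count. If `foobar` was created from the earlier commit in any environment, this resource will not reconcile there; say in the commit message that the topic must be deleted and recreated, or introduce the smaller topic under a new name.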
From: BoySherman Date: Wed, 30 Jun 2021 14:20:52 +0100 Subject: [PATCH 08/11] removing helm dependency from deployment (#5) --- kustom.yaml | 32 - kustomization.yaml | 4 - kustomize/base/confluent/control-centre.yaml | 26 + kustomize/base/confluent/kafka.yaml | 43 +- kustomize/base/kustomization.yaml | 1 + .../base/operator/crds/kustomization.yaml | 13 + ...rm.confluent.io_confluentrolebindings.yaml | 249 + .../crds/platform.confluent.io_connects.yaml | 3103 ++++++++++ .../platform.confluent.io_controlcenters.yaml | 3032 ++++++++++ ...latform.confluent.io_kafkarestclasses.yaml | 361 ++ .../crds/platform.confluent.io_kafkas.yaml | 4981 +++++++++++++++++ .../platform.confluent.io_kafkatopics.yaml | 287 + .../crds/platform.confluent.io_ksqldbs.yaml | 2719 +++++++++ .../platform.confluent.io_migrationjobs.yaml | 669 +++ ...latform.confluent.io_schemaregistries.yaml | 2333 ++++++++ .../platform.confluent.io_zookeepers.yaml | 1551 +++++ kustomize/base/operator/kustomization.yaml | 5 + .../base/operator/resources/clusterrole.yaml | 116 + .../resources/clusterrolebinding.yaml | 19 + .../base/operator/resources/deployment.yaml | 95 + .../operator/resources/kustomization.yaml | 8 + .../base/operator/resources/service.yaml | 22 + .../operator/resources/serviceaccount.yaml | 14 + kustomize/base/secrets/c3-mds-client.yaml | 1 + kustomize/base/secrets/confluent-license.yaml | 7 + .../base/secrets/connect-mds-client.yaml | 1 - kustomize/base/secrets/kustomization.yaml | 1 + .../production/control-centre.yaml | 10 +- .../production/schema-registry.yaml | 4 + ...luent-operator-helm-release-confluent.yaml | 19 + ...uent-operator-helm-release-production.yaml | 6 +- kustomize/infrastructure/kustomization.yaml | 7 +- .../licensing/license-key.txt | 1 + .../licensing/license-pem.txt | 9 + .../application-secrets/populate_secrets.sh | 9 +- 35 files changed, 19692 insertions(+), 66 deletions(-) delete mode 100644 kustom.yaml delete mode 100644 kustomization.yaml create mode 100644 
kustomize/base/operator/crds/kustomization.yaml create mode 100644 kustomize/base/operator/crds/platform.confluent.io_confluentrolebindings.yaml create mode 100644 kustomize/base/operator/crds/platform.confluent.io_connects.yaml create mode 100644 kustomize/base/operator/crds/platform.confluent.io_controlcenters.yaml create mode 100644 kustomize/base/operator/crds/platform.confluent.io_kafkarestclasses.yaml create mode 100644 kustomize/base/operator/crds/platform.confluent.io_kafkas.yaml create mode 100644 kustomize/base/operator/crds/platform.confluent.io_kafkatopics.yaml create mode 100644 kustomize/base/operator/crds/platform.confluent.io_ksqldbs.yaml create mode 100644 kustomize/base/operator/crds/platform.confluent.io_migrationjobs.yaml create mode 100644 kustomize/base/operator/crds/platform.confluent.io_schemaregistries.yaml create mode 100644 kustomize/base/operator/crds/platform.confluent.io_zookeepers.yaml create mode 100644 kustomize/base/operator/kustomization.yaml create mode 100644 kustomize/base/operator/resources/clusterrole.yaml create mode 100644 kustomize/base/operator/resources/clusterrolebinding.yaml create mode 100644 kustomize/base/operator/resources/deployment.yaml create mode 100644 kustomize/base/operator/resources/kustomization.yaml create mode 100644 kustomize/base/operator/resources/service.yaml create mode 100644 kustomize/base/operator/resources/serviceaccount.yaml create mode 100644 kustomize/base/secrets/confluent-license.yaml create mode 100644 kustomize/infrastructure/confluent-operator-helm-release-confluent.yaml create mode 100644 resources/application-secrets/licensing/license-key.txt create mode 100644 resources/application-secrets/licensing/license-pem.txt diff --git a/kustom.yaml b/kustom.yaml deleted file mode 100644 index 283e1ef..0000000 --- a/kustom.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 -kind: Kustomization -metadata: - name: shared - namespace: flux-system -spec: - interval: 5m - path: "./shared" - prune: true - sourceRef: - kind: GitRepository - name: flux-system - healthChecks: - - apiVersion: apps/v1 - kind: Deployment - name: cert-manager - namespace: cert-manager ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 -kind: Kustomization -metadata: - name: certs - namespace: flux-system -spec: - dependsOn: - - name: shared - interval: 5m - path: "./environments" - prune: true - sourceRef: - kind: GitRepository - name: flux-system \ No newline at end of file diff --git a/kustomization.yaml b/kustomization.yaml deleted file mode 100644 index 609d5bb..0000000 --- a/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -resources: -- shared -#- environments - diff --git a/kustomize/base/confluent/control-centre.yaml b/kustomize/base/confluent/control-centre.yaml index d708c6a..1f21341 100644 --- a/kustomize/base/confluent/control-centre.yaml +++ b/kustomize/base/confluent/control-centre.yaml @@ -41,3 +41,29 @@ spec: secretRef: c3-mds-client tls: enabled: true + connect: + - name: connect + url: https://connect.confluent.svc.cluster.local:8083 + authentication: + type: basic + basic: + secretRef: c3-mds-client + tls: + enabled: true + ksqldb: + - name: ksqldb + url: https://ksqldb.confluent.svc.cluster.local:8088 + authentication: + type: basic + basic: + secretRef: c3-mds-client + tls: + enabled: true + schemaRegistry: + url: https://schemaregistry.confluent.svc.cluster.local:8081 + authentication: + type: basic + basic: + secretRef: c3-mds-client + tls: + enabled: true diff --git a/kustomize/base/confluent/kafka.yaml b/kustomize/base/confluent/kafka.yaml index acc4591..c929437 100644 --- a/kustomize/base/confluent/kafka.yaml +++ b/kustomize/base/confluent/kafka.yaml 
@@ -59,30 +59,27 @@ spec: configOverrides: server: # the LDAP lookup is set by default to ONE_LEVEL - - ldap.user.search.scope=2 - - ldap.search.mode=GROUPS - +# - ldap.user.search.scope=2 +# - ldap.search.mode=GROUPS + - confluent.schema.registry.url=registry.production.svc.cluster.local:8081 # Overwrite the default settings on the INTERNAL listener - - listener.name.internal.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER - - listener.name.internal.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required; - - listener.name.internal.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - - listener.name.internal.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/mds-token/mdsPublicKey.pem"; - - listener.name.internal.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler - - listener.name.internal.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler - - # Overwrite the default settings on the EXTERNAL listener - - listener.name.external.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER - - listener.name.external.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required; - - listener.name.external.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - - listener.name.external.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/mds-token/mdsPublicKey.pem"; - - listener.name.external.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler - - 
listener.name.external.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler - - # Overwrite the default settings on the REPLICATION listener - - listener.name.replication.sasl.enabled.mechanisms=PLAIN - - listener.name.replication.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="${file:/mnt/secrets/credential/plain.txt:username}" password="${file:/mnt/secrets/credential/plain.txt:password}"; - - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - +# - listener.name.internal.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER +# - listener.name.internal.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required; +# - listener.name.internal.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler +# - listener.name.internal.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/mds-token/mdsPublicKey.pem"; +# - listener.name.internal.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler +# - listener.name.internal.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler +# # Overwrite the default settings on the EXTERNAL listener +# - listener.name.external.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER +# - listener.name.external.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required; +# - listener.name.external.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler +# - 
listener.name.external.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/mds-token/mdsPublicKey.pem"; +# - listener.name.external.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler +# - listener.name.external.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler +# # Overwrite the default settings on the REPLICATION listener +# - listener.name.replication.sasl.enabled.mechanisms=PLAIN +# - listener.name.replication.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="${file:/mnt/secrets/credential/plain.txt:username}" password="${file:/mnt/secrets/credential/plain.txt:password}"; +# - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler # log4j: # - log4j.logger.io.confluent.security.auth.provider.ldap.LdapGroupManager=DEBUG dependencies: diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml index 731dc8c..7a392bb 100644 --- a/kustomize/base/kustomization.yaml +++ b/kustomize/base/kustomization.yaml @@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - secrets + - operator - confluent - rolebindings - topics diff --git a/kustomize/base/operator/crds/kustomization.yaml b/kustomize/base/operator/crds/kustomization.yaml new file mode 100644 index 0000000..2ad3673 --- /dev/null +++ b/kustomize/base/operator/crds/kustomization.yaml 
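Review bot: in `kustomize/base/confluent/kafka.yaml` the `configOverrides.server` entries for the internal, external and replication listeners (the SASL mechanisms and the LDAP and token callback handlers) are commented out rather than removed, and neither the hunk nor the commit subject says what authentication configuration the listeners fall back to. Please state why the overrides are no longer needed and delete the lines instead of keeping them as comments. The one added entry, `confluent.schema.registry.url=registry.production.svc.cluster.local:8081`, hardcodes the production namespace in `base` and has no `https://` scheme, while the Control Center hunk in this same patch uses `https://schemaregistry.confluent.svc.cluster.local:8081`; the two should agree, and the namespace-specific value belongs in the overlay.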
@@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - platform.confluent.io_confluentrolebindings.yaml + - platform.confluent.io_connects.yaml + - platform.confluent.io_controlcenters.yaml + - platform.confluent.io_kafkarestclasses.yaml + - platform.confluent.io_kafkas.yaml + - platform.confluent.io_kafkatopics.yaml + - platform.confluent.io_ksqldbs.yaml + - platform.confluent.io_migrationjobs.yaml + - platform.confluent.io_schemaregistries.yaml + - platform.confluent.io_zookeepers.yaml diff --git a/kustomize/base/operator/crds/platform.confluent.io_confluentrolebindings.yaml b/kustomize/base/operator/crds/platform.confluent.io_confluentrolebindings.yaml new file mode 100644 index 0000000..6ccc8de --- /dev/null +++ b/kustomize/base/operator/crds/platform.confluent.io_confluentrolebindings.yaml 
@@ -0,0 +1,249 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: confluentrolebindings.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.state + name: Status + type: string + - JSONPath: .status.kafkaClusterId + name: KafkaClusterId + type: string + - JSONPath: .status.principal + name: Principal + type: string + - JSONPath: .status.role + name: Role + type: string + - JSONPath: .status.kafkaRestClass + name: KafkaRestClass + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.clusterRegistryName + name: ClusterRegistryName + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ConfluentRolebinding + listKind: ConfluentRolebindingList + plural: confluentrolebindings + shortNames: + - cfrb + - confluentrolebinding + singular: confluentrolebinding + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: ConfluentRolebinding is the Schema for the confluentrolebinding + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfluentRolebindingSpec defines the desired state of rolebinding + for cp component when rbac is enabled + properties: + clustersScopeByIds: + description: ClusterScope defines the scope of clustersId + properties: + connectClusterId: + minLength: 1 + type: string + kafkaClusterId: + minLength: 1 + type: string + ksqlClusterId: + minLength: 1 + type: string + schemaRegistryClusterId: + minLength: 1 + type: string + type: object + clustersScopeByRegistryName: + description: ClusterRegistryName defines the unique cluster name customer + registered in cluster registry + minLength: 1 + type: string + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + principal: + description: Principal defines the confluent rolebinding principal name + and the binding details. 
+ properties: + name: + description: Name defines the name of the principal(user/group) + minLength: 1 + type: string + type: + enum: + - user + - group + type: string + required: + - name + - type + type: object + resourcePatterns: + description: ResourcePatterns define the qualified resources associated + with this rolebinding + items: + description: ResourcePattern define the qualified resource info associated + with this rolebinding + properties: + name: + description: Name defines the name of resource associated with + this rolebinding + minLength: 1 + type: string + patternType: + description: PatternType defines whether the pattern of resource + is PREFIXED or LITERAL, default is LITERAL if not set + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: ResourceType defines the type of resource + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + description: Role defines the name of the Role + minLength: 1 + type: string + required: + - principal + - role + type: object + status: + description: ConfluentRolebindingStatus defines the observed state of ConfluentRolebinding + properties: + clusterRegistryName: + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' 
+ type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + kafkaClusterId: + type: string + kafkaRestClass: + type: string + mdsEndpoint: + type: string + principal: + type: string + resourcePatterns: + items: + description: ResourcePattern define the qualified resource info associated + with this rolebinding + properties: + name: + description: Name defines the name of resource associated with + this rolebinding + minLength: 1 + type: string + patternType: + description: PatternType defines whether the pattern of resource + is PREFIXED or LITERAL, default is LITERAL if not set + enum: + - PREFIXED + - LITERAL + type: string + resourceType: + description: ResourceType defines the type of resource + minLength: 1 + type: string + required: + - name + - resourceType + type: object + type: array + role: + type: string + state: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_connects.yaml b/kustomize/base/operator/crds/platform.confluent.io_connects.yaml new file mode 100644 index 0000000..b94a2ea --- /dev/null +++ b/kustomize/base/operator/crds/platform.confluent.io_connects.yaml 
@@ -0,0 +1,3103 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: connects.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Connect + listKind: ConnectList + plural: connects + shortNames: + - connect + singular: connect + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Connect is the Schema for the Connects API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConnectSpec defines the desired state of Connect + properties: + authentication: + description: Rest server security fields + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform 
component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + connectorOverridePolicy: + description: ConnectorOverridePolicy allows policy to permit per-connector + override configuration for producer/consumer/admin prefix. More information + can be found here, https://docs.confluent.io/platform/current/connect/security.html#separate-principals + enum: + - All + - Principal + type: string + dependencies: + description: ConnectDependencies holds dependencies a connect requires + or can enable + properties: + admin: + description: configure admin client If bootstrapEndpoint is not + configured, the security is configured based on the kafka dependencies + configuration. Configure if different bootstrapEndpoint is required + for admin client + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + consumer: + description: Consumer security configuration to connect to Kafka + Cluster pointed by bootstrapEndpoint, used for sink connectors. + If bootstrapEndpoint is not configured, the security is configured + based on the kafka dependencies configuration. Configure if different + bootstrapEndpoint is required for consumer + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + interceptor: + description: configure confluent monitoring interceptor + properties: + configs: + description: Configs defines configs for the CP interceptor + Config override feature can be used to pass config + items: + type: string + type: array + consumer: + description: Consumer defines the consumer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: Enabled defines to enable the CP interceptor configuration + type: boolean + producer: + description: Producer defines the producer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: Connect dependency for connecting to kafka. Uses discovery + if that specified + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: Mds configurations for when RBAC is enabled + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, 
listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + producer: + description: Producer security configuration to connect to Kafka + Cluster pointed by bootstrapEndpoint, used for source connectors. + If bootstrapEndpoint is not configured, the security is configured + based on the kafka dependencies configuration. 
Configure if different + bootstrapEndpoint/security is required for producer + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where 
keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + schemaRegistry: + description: configure connect dependency for schemaregistry + properties: + authentication: + description: Authentication defines the authentication for the + schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). 
This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: 
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + enableSchemas: + description: EnableSchemas defines whether to enable scheme or not + type: boolean + externalAccess: + description: CPExternalAccess holds all external access policies for + non-kafka components + properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. 
+ type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. + items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. 
+ If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? -> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. 
For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' 
+ type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. 
If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. 
Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. 
It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. 
For pod labels, use podTemplate.labels + type: object + internalTopicReplicationFactor: + description: ' InternalTopicReplicationFactor defines internal topic + replication factor If not configured, it will be configured as 3' + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + keyConverterType: + description: KeyConverter defines the supported converters package for + CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters + By default, it is configured as org.apache.kafka.connect.json.JsonConverter + minLength: 1 + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: Storage class used for creating pvc's of created connect + pods + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: TLS allows configuring CP Component's server configuration + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + valueConverterType: + description: ValueConverter defines the supported converters package + for CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters + By default, it is configured as org.apache.kafka.connect.json.JsonConverter + minLength: 1 + type: string + required: + - image + - replicas + type: object + status: + description: ConnectStatus defines the observed state of Connect + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the 
name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + groupId: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + 
type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_controlcenters.yaml b/kustomize/base/operator/crds/platform.confluent.io_controlcenters.yaml new file mode 100644 index 0000000..b2c2a1d --- /dev/null +++ b/kustomize/base/operator/crds/platform.confluent.io_controlcenters.yaml 
@@ -0,0 +1,3032 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: controlcenters.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: ControlCenter + listKind: ControlCenterList + plural: controlcenters + shortNames: + - controlcenter + - c3 + singular: controlcenter + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: ControlCenter is the Schema for the controlcenter API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ControlCenterSpec defines the desired state of ControlCenter + properties: + authentication: + description: Authentication defines the rest-endpoint configuration + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + ldap: + description: C3LdapAuthentication defines ldap authentication + properties: + property: + additionalProperties: + type: string + description: Property defines all the properties for LDAP configuration + Make sure to use secret object to pass username/password + type: object + restrictedRoles: + description: RestrictedRoles defines restricted access roles + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. 
+ items: + type: string + minItems: 1 + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - ldap + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization defines authorization configurations + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the data size for PV + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines all the dependencies service configuration + properties: + connect: + description: Connect defines connect worker dependencies configuration + items: + description: ControlCenterConnectDependency + properties: + authentication: + description: Authentication defines the authentication for + the connect cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. 
This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side TLS + setting for connect cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL 
defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + kafka: + description: Kafka defines kafka dependencies configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + 
directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + ksqldb: + description: KsqlDB defines ksqldb dependencies configuration + items: + description: ControlCenterKSQLDependency + properties: + advertisedUrl: + description: AdvertisedURL defines the advertised url to use + in browser. 
+ minLength: 1 + pattern: ^https?://.* + type: string + authentication: + description: Authentication defines the authentication for + the ksqldb cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + type: string + tls: + description: TLSDependencyConfig defines the client side TLS + setting for ksqldb cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + mds: + description: MDSDependencies defines the RBAC dependencies configurations + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines 
the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistry defines schema registry dependencies + configuration + 
properties: + authentication: + description: Authentication defines the authentication for the + schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + clusters: + items: + description: ControlCenterMultiSchemaRegistryDependency + properties: + authentication: + description: Authentication defines the authentication + for the schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to + pass basic credential through directory path + in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted + roles on the server side only. Changes will + be only reflected in ControlCenter (C3). 
This + configuration is ignored on the client side + configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration + is ignored on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication + scheme for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side + TLS setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - name + - url + type: object + type: array + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: ExternalAccess defines the external access configuration + properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. 
This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. 
+ items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. + If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? 
-> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. 
PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. 
If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. 
Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. 
Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. 
It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + id: + description: ControlCenterID identifier used as a prefix so that multiple + instances of Control Center can co-exist. + format: int32 + type: integer + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. 
For pod labels, use podTemplate.labels + type: object + internalTopicReplicatorFactor: + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + mail: + description: ControlCenterSMTPServer, these settings control the SMTP + server and account used when an alerts triggers the email action. + properties: + authentication: + description: Authentication SMTP supports basic authentication support + only For other types of authentication use config overrides capability. + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). 
This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for + Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + checkServerIdentity: + description: CheckServerIdentity forces validation of server’s certificate + when using STARTTLS or SSL. + type: boolean + hostname: + description: Hostname of outgoing SMTP server + minLength: 1 + type: string + mailBounceAddress: + description: MailBounceAddress override for MailFrom config to send + message + minLength: 1 + type: string + mailFrom: + description: MailFrom the originating address for emails sent from + Control Center. + minLength: 1 + type: string + port: + description: Port SMTP port open on for hostname + format: int32 + type: integer + startTLSRequired: + description: StartTLSRequired forces using STARTTLS. 
+ type: boolean + required: + - hostname + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + monitoringKafkaClusters: + description: MonitoringKafkaClusters defines configuring monitoring + clusters + items: + description: MonitoringKafkaClusters kafka cluster configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + name: + description: Name defines the cluster name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + tls: + description: TLSDependencyConfig defines the client side TLS setting + for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + type: object + type: array + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + name: + description: ControlCenterName name of the cluster + type: string + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: StorageClass defines user provided storage class reference + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: TLS defines tls configuration for rest-endpoint + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: ControlCenterStatus defines the observed state of ControlCenter + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + controlCenterName: + type: string + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + id: + format: int32 + type: integer + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + 
type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + required: + - id + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_kafkarestclasses.yaml b/kustomize/base/operator/crds/platform.confluent.io_kafkarestclasses.yaml new file mode 100644 index 0000000..2158aca --- /dev/null +++ b/kustomize/base/operator/crds/platform.confluent.io_kafkarestclasses.yaml 
@@ -0,0 +1,361 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkarestclasses.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaRestClass + listKind: KafkaRestClassList + plural: kafkarestclasses + shortNames: + - krc + - kafkarestclass + singular: kafkarestclass + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: KafkaRestClass is the Schema for the kafkarestclasses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaRestClassSpec defines the desired state of KafkaRestClass + properties: + kafkaClusterRef: + description: KafkaClusterRef defines the name of the kafka cluster + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + kafkaRest: + description: KafkaRestApiInfo defines Kafka Rest API configuration + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. 
This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + bearer: + description: BearerAuthentication used by MDS clients + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + secondaryKafkaClusterRef: + description: SecondaryKafkaClusterRef defines the name of the secondary + kafka cluster when using centralized RBAC + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + secondaryKafkaRest: + description: SeconaryKafkaRestApiInfo defines secondary Kafka Rest API + configuration when using centralized RBAC + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through 
directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + bearer: + description: BearerAuthentication used by MDS clients + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + status: + description: KafkaRestClassStatus defines the observed state of KafkaRestClass + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' 
+ type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + endpoint: + description: Endpoint defines the kafkarest/mds endpoint + type: string + kafkaClusterId: + description: KafkaClusterId defines the cluster id of kafka cluster + If using centralized RBAC and kafkarestclass is for secondary kafka + cluster, it will be clusterId of secondary kafka cluster + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_kafkas.yaml b/kustomize/base/operator/crds/platform.confluent.io_kafkas.yaml new file mode 100644 index 0000000..00cfcb9 --- /dev/null +++ b/kustomize/base/operator/crds/platform.confluent.io_kafkas.yaml 
@@ -0,0 +1,4981 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkas.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.zookeeperConnect + name: Zookeeper + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Kafka + listKind: KafkaList + plural: kafkas + shortNames: + - kafka + - broker + singular: kafka + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Kafka is the Schema for the kafkas API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSpec defines the desired state of CP component, Kafka + Server + properties: + authorization: + description: Authorization defines authorization support + properties: + superUsers: + description: SuperUsers defines list of supers user to give admin + privilege on the Kafka Cluster This list takes the format as User: + items: + type: string + type: array + type: + enum: + - rbac + - simple + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the PV capacity. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines all the kafka dependencies like zookeeper + and centralized MDS settings + properties: + kafkaRest: + description: KafkaRestApiClientDep provides rest client auth for + MDS when RBAC is enabled + properties: + authentication: + description: Authentication defines authentication of Kafka + Rest API + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API + is running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls + configuration to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: KafkaPrimaryMetaDataServerDep configure a secondary + Kafka cluster managed by the MDS of the primary Kafka cluster + properties: + endpoint: + description: URLEndpoint defines the URL endpoint in format + http|s://:port + minLength: 1 + pattern: ^https?://.* + type: string + kafka: + description: KafkaClientDependency allows configuring CP component + dependency to configure kafka settings + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: MDSTokenKeyPair load either through secretRef or + directory path + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - endpoint + - kafka + - tokenKeyPair + type: object + zookeeper: + description: KafkaZookeeperDependencies + properties: + authentication: + description: KafkaClientAuthentication defines the authentication + structure for all dependent CP Component for Kafka Cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + discovery: + description: Discovery discover structure used by Confluent + platform (CP) + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + endpoint: + description: Endpoint defines the endpoint for service is format + endpoint:port + minLength: 1 + pattern: .+:[0-9]+ + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. 
More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + listeners: + description: Listeners defines listeners configurations + properties: + custom: + items: + description: KafkaCustomListener ... 
+ properties: + authentication: + description: KafkaZkAuthentication defines authentication + structure for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to + pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + externalAccess: + description: KafkaExternalAccess allows to configure external + access for Kafka cluster + properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the + user wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least + one of 'backend' or 'rules' must be specified. + This field is optional to allow the loadbalancer + controller or defaulting logic to specify a + global default. 
+ properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of + the Ingress object. If resource is specified, + serviceName and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is the group for + the resource being referenced. If APIGroup + is not specified, the specified Kind + must be in the core API group. For any + other third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used + to set a default value for this field. For more + information, refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. 
Incoming requests + are first evaluated for a host match, then + routed to the backend associated with the + matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to + \ the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected + because ports are not allowed. \t Currently + the port of an Ingress is implicitly :80 + for http and \t :443 for https. Both + these may change in the future. Incoming + requests are matched against the host + before the IngressRuleValue. If the host + is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a + domain name without the terminating dot + of a network host (e.g. \"foo.bar.com\") + or \"wildcard\", which is a domain name + prefixed with a single wildcard label + (e.g. \"*.foo.com\"). The wildcard character + '*' must appear by itself as the first + DNS label and matches only a single label. + You cannot have a wildcard label by itself + (e.g. Host == \"*\"). Requests will be + matched against the Host field in the + following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a + list of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource + will be used to match against everything + after the last ''/'' and before the first + ''?'' or ''#''.' 
+ properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming + urls matching the path are forwarded + to the backend. + properties: + backend: + description: Backend defines the + referenced service endpoint + to which the traffic will be + forwarded to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not + be specified. + properties: + apiGroup: + description: APIGroup + is the group for the + resource being referenced. + If APIGroup is not specified, + the specified Kind must + be in the core API group. + For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the + name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the + port of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a + URL path prefix split by ''/''. + Matching is done on a path + element by element basis. 
A + path element refers is the list + of labels in the path split + by the ''/'' separator. A request + is a match for path p if every + p is an element-wise prefix + of p of the request path. + Note that if the last element + of the path is a substring of + the last element in request + path, it is not a match (e.g. + /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). + * ImplementationSpecific: Interpretation + of the Path matching is up to the + IngressClass. Implementations + can treat this as a separate + PathType or treat it identically + to Prefix or Exact path types. + Implementations are required + to support all path types. Defaults + to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the + Ingress only supports a single TLS port, 443. + If multiple members of this list specify different + hosts, they will be multiplexed on the same + port according to the hostname specified through + the SNI TLS extension, if the ingress controller + fulfilling the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in + this list must match the name/s used in + the tlsSecret. Defaults to the wildcard + host setting for the loadbalancer controller + fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for + termination and value of the Host header + is used for routing. 
+ type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type load balancer + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added + as bootstrapPrefix.domain If not configured it will + be the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. 
This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing + order with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on + service's port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed + names such as mycompany.com/my-custom-protocol. + Field can be enabled with ServiceAppProtocol + feature gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which + this service is exposed when type=NodePort + or LoadBalancer. 
Usually assigned by the system. + If specified, it will be allocated to the + service if unused or else creation of the + service will fail. Default is to auto-allocate + a port if the ServiceType of this Service + requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. + Supports "TCP", "UDP", and "SCTP". Default + is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to + access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name + must be an IANA_SVC_NAME. If this is a string, + it will be looked up as a named port in the + target Pod''s container ports. If this is + not specified, the value of the ''port'' field + is used (an identity map). This field is ignored + for services with clusterIP=None, and should + be omitted or set equal to the ''port'' field. 
+ More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations + for the OpenShift service type route + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added + as bootstrapPrefix.domain If not configured it will + be the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: StaticForHostBasedRouting allows to integrate + with external ingress controllers by doing host based + routing through SNI capability. With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. 
+ properties: + brokerPrefix: + description: 'BrokerPrefix defines the prefix for + broker advertised endpoint and will be added as + brokerPrefix.domain If not configured, it will add + b as a prefix, like b#.domain where # will start + from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + port: + description: Port defines the port to be used in the + advertised listener for a broker + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: StaticForPortBasedRouting allows to enable + external access by port routing With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. + properties: + host: + description: Host defines the host name to be used + in the advertised listener for a broker + minLength: 1 + type: string + portOffset: + description: PortOffset defines the portOffset to + be used and will go in the increasing order with + respect to the replicas count + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + name: + description: Name defines the name of the custom listener + internal/external/token can't be used as they are reserved + by the Operator + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: Port will bind given port to the custom listener. + Port < 9093 is reserved by the Operator + format: int32 + minimum: 9093 + type: integer + tls: + description: ClientTLSConfig defines TLS configuration for + CP component (dependencies, listeners). 
+ properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - name + - port + type: object + type: array + external: + description: KafkaExternalAccessListener is the kafka specific external + listener + properties: + authentication: + description: KafkaZkAuthentication defines authentication structure + for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + externalAccess: + description: KafkaExternalAccess allows to configure external + access for Kafka cluster + properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user + wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least one + of 'backend' or 'rules' must be specified. This + field is optional to allow the loadbalancer controller + or defaulting logic to specify a global default. + properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of the + Ingress object. If resource is specified, + serviceName and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. 
If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used to + set a default value for this field. For more information, + refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. Incoming requests + are first evaluated for a host match, then routed + to the backend associated with the matching + IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. 
Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to the + IP in the Spec of the parent Ingress. 2. + The `:` delimiter is not respected because + ports are not allowed. \t Currently the + port of an Ingress is implicitly :80 for + http and \t :443 for https. Both these + may change in the future. Incoming requests + are matched against the host before the + IngressRuleValue. If the host is unspecified, + the Ingress routes all traffic based on + the specified IngressRuleValue. \n Host + can be \"precise\" which is a domain name + without the terminating dot of a network + host (e.g. \"foo.bar.com\") or \"wildcard\", + which is a domain name prefixed with a single + wildcard label (e.g. \"*.foo.com\"). The + wildcard character '*' must appear by itself + as the first DNS label and matches only + a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests + will be matched against the Host field in + the following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list + of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource will + be used to match against everything after + the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming urls + matching the path are forwarded to + the backend. 
+ properties: + backend: + description: Backend defines the + referenced service endpoint to + which the traffic will be forwarded + to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is + the group for the resource + being referenced. If APIGroup + is not specified, the + specified Kind must be + in the core API group. + For any other third-party + types, APIGroup is required. + type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name + of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port + of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a URL + path prefix split by ''/''. Matching + is done on a path element by + element basis. A path element + refers is the list of labels + in the path split by the ''/'' + separator. A request is a match + for path p if every p is an element-wise + prefix of p of the request path. 
+ Note that if the last element + of the path is a substring of + the last element in request path, + it is not a match (e.g. /foo/bar matches + /foo/bar/baz, but does not match + /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching + is up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix + or Exact path types. Implementations + are required to support all path + types. Defaults to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress + only supports a single TLS port, 443. If multiple + members of this list specify different hosts, + they will be multiplexed on the same port according + to the hostname specified through the SNI TLS + extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in this + list must match the name/s used in the tlsSecret. + Defaults to the wildcard host setting for + the loadbalancer controller fulfilling this + Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for termination + and value of the Host header is used for + routing. 
+ type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added as + bootstrapPrefix.domain If not configured it will be + the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. 
This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. 
+ Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + bootstrapPrefix: + description: BootstrapPrefix defines the prefix for + bootstrap advertised endpoint and will be added as + bootstrapPrefix.domain If not configured it will be + the cluster name of CR + minLength: 1 + type: string + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + staticForHostBasedRouting: + description: StaticForHostBasedRouting allows to integrate + with external ingress controllers by doing host based + routing through SNI capability. With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. 
+ properties: + brokerPrefix: + description: 'BrokerPrefix defines the prefix for broker + advertised endpoint and will be added as brokerPrefix.domain + If not configured, it will add b as a prefix, like + b#.domain where # will start from 0 to replicas count' + minLength: 1 + type: string + domain: + description: Domain allows to configure domain name + for the cluster. + minLength: 1 + type: string + port: + description: Port defines the port to be used in the + advertised listener for a broker + format: int32 + type: integer + required: + - domain + - port + type: object + staticForPortBasedRouting: + description: StaticForPortBasedRouting allows to enable + external access by port routing With this schema, operator + configures kafka advertised listeners only and no kubernetes + external service will be created. + properties: + host: + description: Host defines the host name to be used in + the advertised listener for a broker + minLength: 1 + type: string + portOffset: + description: PortOffset defines the portOffset to be + used and will go in the increasing order with respect + to the replicas count + format: int32 + type: integer + required: + - host + - portOffset + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + - staticForPortBasedRouting + - staticForHostBasedRouting + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + internal: + description: Listener is the base fields for component listener + configuration + properties: + authentication: + description: KafkaZkAuthentication defines authentication structure + for Kafka/ZK cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication + types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + type: object + 
metricReporter: + description: MetricsReporter defines the metric reporter configuration + which will be enabled by default, and piggyback internal listener's + authentication and TLS if it is not set + properties: + authentication: + description: KafkaClientAuthentication defines the authentication + structure for all dependent CP Component for Kafka Cluster. + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + type: string + enabled: + type: boolean + replicationFactor: + format: int32 + type: integer + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - enabled + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + 
minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. 
+ The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. 
+ The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. 
+ type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. 
due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + rackAssignment: + description: RackAssignment defines the rack awareness capability for + kafka + properties: + availabilityZoneCount: + description: AvailabilityZoneCount if configured will configure + broker.rack with formula (pod_id % azCount) this is mainly for + backwards compatibility with Operator 1.0 + format: int32 + type: integer + nodeLabels: + description: NodeLabels if configured uses the kubernetes node APIs + to to retrieve the value to be used in the broker.rack. This feature + requires Confluent Operaotr to run in cluster-level access + items: + type: string + minItems: 1 + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. 
Change will roll the cluster + format: int32 + type: integer + services: + description: KafkaServices defines services supported part of kafka + properties: + kafkaRest: + description: RestApiServer embedded rest api server + properties: + externalAccess: + description: CPExternalAccess holds all external access policies + for non-kafka components + properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user + wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least one + of 'backend' or 'rules' must be specified. This + field is optional to allow the loadbalancer controller + or defaulting logic to specify a global default. + properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of the + Ingress object. If resource is specified, + serviceName and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. 
+ x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used to + set a default value for this field. For more information, + refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. Incoming requests + are first evaluated for a host match, then routed + to the backend associated with the matching + IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to the + IP in the Spec of the parent Ingress. 2. + The `:` delimiter is not respected because + ports are not allowed. \t Currently the + port of an Ingress is implicitly :80 for + http and \t :443 for https. Both these + may change in the future. Incoming requests + are matched against the host before the + IngressRuleValue. If the host is unspecified, + the Ingress routes all traffic based on + the specified IngressRuleValue. 
\n Host + can be \"precise\" which is a domain name + without the terminating dot of a network + host (e.g. \"foo.bar.com\") or \"wildcard\", + which is a domain name prefixed with a single + wildcard label (e.g. \"*.foo.com\"). The + wildcard character '*' must appear by itself + as the first DNS label and matches only + a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests + will be matched against the Host field in + the following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list + of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource will + be used to match against everything after + the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming urls + matching the path are forwarded to + the backend. + properties: + backend: + description: Backend defines the + referenced service endpoint to + which the traffic will be forwarded + to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is + the group for the resource + being referenced. If APIGroup + is not specified, the + specified Kind must be + in the core API group. + For any other third-party + types, APIGroup is required. 
+ type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name + of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port + of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a URL + path prefix split by ''/''. Matching + is done on a path element by + element basis. A path element + refers is the list of labels + in the path split by the ''/'' + separator. A request is a match + for path p if every p is an element-wise + prefix of p of the request path. + Note that if the last element + of the path is a substring of + the last element in request path, + it is not a match (e.g. /foo/bar matches + /foo/bar/baz, but does not match + /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching + is up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix + or Exact path types. Implementations + are required to support all path + types. Defaults to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. 
Currently the Ingress + only supports a single TLS port, 443. If multiple + members of this list specify different hosts, + they will be multiplexed on the same port according + to the hostname specified through the SNI TLS + extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in this + list must match the name/s used in the tlsSecret. + Defaults to the wildcard host setting for + the loadbalancer controller fulfilling this + Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for termination + and value of the Host header is used for + routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + port: + description: Port allows to configure external port + for client consumption If not configured, same internal/external + port will be configured per component Information + about the port can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. 
If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. 
+ Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: 
string + required: + - enabled + type: object + type: object + mds: + description: MetaDataServer + properties: + authentication: + description: MDSAuthentication supported MDS server configuration + properties: + type: + enum: + - bearer + type: string + required: + - type + type: object + externalAccess: + description: CPExternalAccess holds all external access policies + for non-kafka components + properties: + ingress: + description: Ingress allows to create a ingress service + Not implemented yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user + wishes to exist. + properties: + backend: + description: A default backend capable of servicing + requests that don't match any rule. At least one + of 'backend' or 'rules' must be specified. This + field is optional to allow the loadbalancer controller + or defaulting logic to specify a global default. + properties: + resource: + description: Resource is an ObjectRef to another + Kubernetes resource in the namespace of the + Ingress object. If resource is specified, + serviceName and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup + is not specified, the specified Kind must + be in the core API group. For any other + third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced + service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced + service. 
+ x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the + IngressClass cluster resource. The associated + IngressClass defines which controller will implement + the resource. This replaces the deprecated `kubernetes.io/ingress.class` + annotation. For backwards compatibility, when + that annotation is set, it must be given precedence + over this field. The controller may emit a warning + if the field and annotation have different values. + Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource + may be marked as default, which can be used to + set a default value for this field. For more information, + refer to the IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure + the Ingress. If unspecified, or no rule matches, + all traffic is sent to the default backend. + items: + description: IngressRule represents the rules + mapping the paths under a specified host to + the related backend services. Incoming requests + are first evaluated for a host match, then routed + to the backend associated with the matching + IngressRuleValue. + properties: + host: + description: "Host is the fully qualified + domain name of a network host, as defined + by RFC 3986. Note the following deviations + from the \"host\" part of the URI as defined + in RFC 3986: 1. IPs are not allowed. Currently + an IngressRuleValue can only apply to the + IP in the Spec of the parent Ingress. 2. + The `:` delimiter is not respected because + ports are not allowed. \t Currently the + port of an Ingress is implicitly :80 for + http and \t :443 for https. Both these + may change in the future. Incoming requests + are matched against the host before the + IngressRuleValue. If the host is unspecified, + the Ingress routes all traffic based on + the specified IngressRuleValue. 
\n Host + can be \"precise\" which is a domain name + without the terminating dot of a network + host (e.g. \"foo.bar.com\") or \"wildcard\", + which is a domain name prefixed with a single + wildcard label (e.g. \"*.foo.com\"). The + wildcard character '*' must appear by itself + as the first DNS label and matches only + a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests + will be matched against the Host field in + the following way: 1. If Host is precise, + the request matches this rule if the http + host header is equal to Host. 2. If Host + is a wildcard, then the request matches + this rule if the http host header is to + equal to the suffix (removing the first + label) of the wildcard rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list + of http selectors pointing to backends. + In the example: http:///? + -> backend where where parts of the url + correspond to RFC 3986, this resource will + be used to match against everything after + the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that + map requests to backends. + items: + description: HTTPIngressPath associates + a path with a backend. Incoming urls + matching the path are forwarded to + the backend. + properties: + backend: + description: Backend defines the + referenced service endpoint to + which the traffic will be forwarded + to. + properties: + resource: + description: Resource is an + ObjectRef to another Kubernetes + resource in the namespace + of the Ingress object. If + resource is specified, serviceName + and servicePort must not be + specified. + properties: + apiGroup: + description: APIGroup is + the group for the resource + being referenced. If APIGroup + is not specified, the + specified Kind must be + in the core API group. + For any other third-party + types, APIGroup is required. 
+ type: string + kind: + description: Kind is the + type of resource being + referenced + type: string + name: + description: Name is the + name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name + of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port + of the referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against + the path of an incoming request. + Currently it can contain characters + disallowed from the conventional + "path" part of a URL as defined + by RFC 3986. Paths must begin + with a '/'. When unspecified, + all paths from incoming requests + are matched. + type: string + pathType: + description: 'PathType determines + the interpretation of the Path + matching. PathType can be one + of the following values: * Exact: + Matches the URL path exactly. + * Prefix: Matches based on a URL + path prefix split by ''/''. Matching + is done on a path element by + element basis. A path element + refers is the list of labels + in the path split by the ''/'' + separator. A request is a match + for path p if every p is an element-wise + prefix of p of the request path. + Note that if the last element + of the path is a substring of + the last element in request path, + it is not a match (e.g. /foo/bar matches + /foo/bar/baz, but does not match + /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching + is up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix + or Exact path types. Implementations + are required to support all path + types. Defaults to ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. 
Currently the Ingress + only supports a single TLS port, 443. If multiple + members of this list specify different hosts, + they will be multiplexed on the same port according + to the hostname specified through the SNI TLS + extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport + layer security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included + in the TLS certificate. The values in this + list must match the name/s used in the tlsSecret. + Defaults to the wildcard host setting for + the loadbalancer controller fulfilling this + Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the + secret used to terminate TLS traffic on + port 443. Field is left optional to allow + TLS routing based on SNI hostname alone. + If the SNI host in a listener conflicts + with the "Host" header field used by an + IngressRule, the SNI host is used for termination + and value of the Host header is used for + routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes + load balancer service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type load balancer + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring + source range + items: + type: string + type: array + port: + description: Port allows to configure external port + for client consumption If not configured, same internal/external + port will be configured per component Information + about the port can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. + Usually assigned by the system. 
If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node + port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the kubernetes service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure + Service External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port + offset to be used and will go in the increasing order + with respect to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided + service port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this + port. This field follows standard Kubernetes + label syntax. Un-prefixed names are reserved + for IANA standard service names (as per RFC-6335 + and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. Field + can be enabled with ServiceAppProtocol feature + gate. + type: string + name: + description: The name of this port within the + service. This must be a DNS_LABEL. All ports + within a ServiceSpec must have unique names. + When considering the endpoints for a Service, + this must match the 'name' field in the EndpointPort. + Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type=NodePort or LoadBalancer. 
+ Usually assigned by the system. If specified, + it will be allocated to the service if unused + or else creation of the service will fail. Default + is to auto-allocate a port if the ServiceType + of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by + this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access + on the pods targeted by the service. Number + must be in the range 1 to 65535. Name must be + an IANA_SVC_NAME. If this is a string, it will + be looked up as a named port in the target Pod''s + container ports. If this is not specified, the + value of the ''port'' field is used (an identity + map). This field is ignored for services with + clusterIP=None, and should be omitted or set + equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for + OpenShift Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for + the OpenShift service type route + type: object + domain: + description: Domain allows to configure domain name + for the cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured + for the given domain If prefix is not configured, + the name of the cluster will be used as a default + value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. + It defaults to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external + services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + provider: + properties: + ldap: + description: LdapService LDAP configuration for RBAC + properties: + address: + type: string + authentication: + description: LdapAuthentication supported ldap configuration + for RBAC + properties: + simple: + description: LdapSimpleAuthentication load credential + either for secret or directory path in container + for RBAC + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - simple + - mtls + type: string + required: + - type + type: object + configurations: + description: LdapSettings ldap configurations for CP + RBAC. 
Anything missing can be passed through configOverride + capability + properties: + groupMemberAttribute: + minLength: 1 + type: string + groupMemberAttributePattern: + minLength: 1 + type: string + groupNameAttribute: + minLength: 1 + type: string + groupObjectClass: + minLength: 1 + type: string + groupSearchBase: + minLength: 1 + type: string + groupSearchFilter: + minLength: 1 + type: string + groupSearchScope: + format: int32 + type: integer + userMemberOfAttributePattern: + minLength: 1 + type: string + userNameAttribute: + minLength: 1 + type: string + userObjectClass: + minLength: 1 + type: string + userSearchBase: + minLength: 1 + type: string + userSearchFilter: + minLength: 1 + type: string + userSearchScope: + format: int32 + type: integer + type: object + tls: + description: ClientTLSConfig defines TLS configuration + for CP component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the + directory path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration + for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure + ignores the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name + referenced for jks password + properties: + secretRef: + description: SecretRef defines the secret name + referenced for jks password More information + about jks password key/value format can be + found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + required: + - address + - authentication + - configurations + type: object + type: + enum: + - ldap + type: string + required: + - ldap + - type + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP + component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: MDSTokenKeyPair load either through secretRef or + directory path + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - provider + - tokenKeyPair + type: object + type: object + storageClass: + description: StorageClass defines the user provided storage class. If + not configured, it will use default storage class. 
+ properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. + type: boolean + type: object + tls: + description: TLS defines the global level TLS configuration which can + be used by listeners and services if they all want to share same certificate. + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. 
CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: KafkaStatus defines the observed state of KafkaServer + properties: + authorizationType: + type: string + brokerIdOffset: + format: int32 + type: integer + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. 
+ format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + externalClient: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + listeners: + additionalProperties: + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + client: + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + minISR: + format: int32 + type: integer + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + readyReplicas: + description: ReadyReplicas defines current ready 
replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + replicationFactor: + format: int32 + type: integer + services: + additionalProperties: + description: ListenerStatus describes general information about a + listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to + connect to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to + connect to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + zookeeperConnect: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_kafkatopics.yaml b/kustomize/base/operator/crds/platform.confluent.io_kafkatopics.yaml new file mode 100644 index 0000000..e6afabd --- /dev/null +++ b/kustomize/base/operator/crds/platform.confluent.io_kafkatopics.yaml 
@@ -0,0 +1,287 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: kafkatopics.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.partitionCount + name: Partition + type: string + - JSONPath: .status.state + name: Status + type: string + - JSONPath: .status.kafkaClusterId + name: ClusterId + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KafkaTopic + listKind: KafkaTopicList + plural: kafkatopics + shortNames: + - kt + - topic + singular: kafkatopic + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: KafkaTopic is the Schema for the kafkatopics API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaTopicSpec defines the desired state of KafkaTopic + properties: + configs: + additionalProperties: + type: string + description: Configs allows passing configs for topic More information + about topic configs is available here https://docs.confluent.io/current/installation/configuration/topic-configs.html + type: object + kafkaClusterRef: + description: KafkaClusterRef defines the name of the kafka cluster + properties: + name: + description: Name defines name of the Kafka cluster + minLength: 1 + type: string + namespace: + description: Namespace defines namespace where kafka cluster is + running + minLength: 1 + type: string + required: + - name + type: object + kafkaRest: + description: KafkaRestRef defines the Kafka Rest API configuration + properties: + authentication: + description: Authentication defines authentication of Kafka Rest + API + properties: + basic: + description: BasicAuthentication defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic + credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on + the server side only. Changes will be only reflected in + ControlCenter (C3). This configuration is ignored on the + client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on + the server side only. 
This configuration is ignored on + the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + bearer: + description: BearerAuthentication used by MDS clients + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - basic + - bearer + type: string + required: + - type + type: object + endpoint: + description: Endpoint defines where confluent Kafka Rest API is + running + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: TLSDependencyConfig defines the client side tls configuration + to connect to Kafka Rest API + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + name: + description: Name defines the topic name. If not configured uses the + CR name as topic name. 
+ maxLength: 255 + minLength: 1 + pattern: ^[a-zA-Z0-9\._\-]*$ + type: string + partitionCount: + description: PartitionCount defines the partition count + format: int32 + minimum: 1 + type: integer + replicas: + description: Replicas defines the replication factor for a topic + format: int32 + minimum: 1 + type: integer + type: object + status: + description: KafkaTopicStatus defines the observed state of KafkaTopic + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + kafkaClusterId: + type: string + kafkaRestEndpoint: + type: string + partitionCount: + format: int32 + type: integer + replicas: + format: int32 + type: integer + state: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_ksqldbs.yaml b/kustomize/base/operator/crds/platform.confluent.io_ksqldbs.yaml new file mode 100644 index 0000000..5f99859 --- /dev/null +++ b/kustomize/base/operator/crds/platform.confluent.io_ksqldbs.yaml 
@@ -0,0 +1,2719 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: ksqldbs.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: KsqlDB + listKind: KsqlDBList + plural: ksqldbs + shortNames: + - ksqldb + - ksql + singular: ksqldb + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: KsqlDB is the Schema for the ksql API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KafkaSpec defines the desired state of CP component, Kafka + Server + properties: + authentication: + description: Authentication specifies whether auth is needed when accessing + the ksqlDB rest server. + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization configuration defines RBAC configuration + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + 
description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: Data volume + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + dependencies: + description: Dependencies defines dependencies Kafka, interceptor, schemaregistry, + mds dependencies + properties: + interceptor: + description: InterceptorDependency defines interceptor settings + for CP component + properties: + configs: + description: Configs defines configs for the CP interceptor + Config override feature can be used to pass config + items: + type: string + type: array + consumer: + description: Consumer defines the consumer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. 
+ properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + enabled: + description: Enabled defines to enable the CP interceptor configuration + type: boolean + producer: + description: Producer defines the producer configuration for + interceptor. If not configured it will use the kafka dependency + configuration + properties: + authentication: + description: Authentication defines the authentication for + the kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's + JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference + to pass required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete + JaaS configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap + endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability + to discover kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is + running Uses the same namespace where Operator is + running if not configured + type: string + secretRef: + description: SecretRef defines the name of the secret + reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side + TLS setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for + CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + publishMs: + type: integer + required: + - enabled + type: object + kafka: + description: KafkaClientDependency allows configuring CP component + dependency to configure kafka settings + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MDSDependencies defines MDS configure when CP RBAC + is enabled + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + 
component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + schemaRegistry: + description: SchemaRegistryClientDependency allows configuring CP + component dependency to configure schemaRegistry settings + properties: + authentication: + description: Authentication defines the authentication for the + 
schemaregistry cluster + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass + basic credential through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles + on the server side only. Changes will be only reflected + in ControlCenter (C3). This configuration is ignored + on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration + on the server side only. This configuration is ignored + on the client side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme + for Rest client + enum: + - basic + - mtls + type: string + required: + - type + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for schemaregistry cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + url: + description: URL defines the URL endpoint + minLength: 1 + pattern: ^https?://.* + type: string + required: + - url + type: object + type: object + externalAccess: + description: Provides configuring endpoints and services to make ksqlDB + accessible from outside the cluster + properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. 
This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. 
+ items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. + If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? 
-> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. 
PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. 
If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. 
Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. 
Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. 
It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicationFactor: + description: Replication factor for internal topics + format: int32 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. 
If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP 
component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. 
+ properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. 
The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: Storage class used for creating pvc's of created ksqlDB + pods + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: Specifies TLS configurations for the ksqlDB rest server. + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - replicas + type: object + status: + description: KsqlDBStatus defines the observed state of KSQLServer + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint to connect + to the service + 
type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + serviceId: + type: string + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_migrationjobs.yaml b/kustomize/base/operator/crds/platform.confluent.io_migrationjobs.yaml new file mode 100644 index 0000000..ead0c24 --- /dev/null +++ b/kustomize/base/operator/crds/platform.confluent.io_migrationjobs.yaml 
@@ -0,0 +1,669 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: migrationjobs.platform.confluent.io +spec: + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: MigrationJob + listKind: MigrationJobList + plural: migrationjobs + shortNames: + - migrationjob + - migration + singular: migrationjob + preserveUnknownFields: false + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: MigrationJob is the Schema for the migrationjobs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MigrationJobSpec defines the desired state of MigrationJob + properties: + blockReconcile: + type: boolean + connect: + description: ConnectMigrationJobSpec defines the desired state of Connect + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + controlcenter: + description: ControlCenterMigrationJobSpec defines the desired state + of ControlCenter after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. 
It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + initContainerImage: + minLength: 1 + type: string + kafka: + description: KafkaMigrationJobSpec defines the descired state of Kafka + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + ksqldb: + description: KsqlDBMigrationJobSpec defines the desired state of KsqlDB + after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. 
+ Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + pullSecretRef: + items: + type: string + type: array + replicator: + description: ReplicatorMigrationJobSpec defines the desired state of + Replicator after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. 
It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + schemaRegistry: + description: SchemaRegistryMigrationJobSpec defines the desired state + of SchemaRegistry after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. + Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. + minLength: 1 + type: string + required: + - enabled + type: object + skipCleanup: + type: boolean + skipRollback: + type: boolean + zookeeper: + description: ZookeeperMigrationJobSpec defines the desired state of + Zookeeper after migration + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations for the new resource created. Annotations + is an unstructured key value map stored with a resource that may + be set by external tools to store and retrieve arbitrary metadata. + They are not queryable and should be preserved when modifying + objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + configOverrides: + description: ConfigurationOverrides for the new resource created. 
+ Takes precedence over configuration already present in old CR + properties: + jvm: + description: JVM defines a list of jvm configuration supported + by application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + enabled: + description: Indicates if Migration of this component is enabled + type: boolean + labels: + additionalProperties: + type: string + description: 'Labels for the new resource created. Map of string + keys and values that can be used to organize and categorize (scope + and select) objects. May match selectors of replication controllers + and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: Name of the V1 resource to migrate. It must be unique + within a namespace Note that the resource will be deleted once + the migration is complete Required if this component is enabled + type: string + namespace: + description: Namespace defines the space within each name must be + unique. An empty namespace is equivalent to the "default" namespace, + but "default" is the canonical representation. Not all objects + are required to be scoped to a namespace - the value of this field + for those objects will be empty. + type: string + release: + description: ReleaseName for the helm release for the component. + It is optional for kafka and zookeeper release. 
+ minLength: 1 + type: string + required: + - enabled + type: object + required: + - initContainerImage + type: object + status: + description: MigrationJobStatus defines the observed state of MigrationJob + properties: + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + connect: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + controlcenter: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + kafka: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + ksqldb: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + phase: + type: string + 
replicator: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + schemaRegistry: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + zookeeper: + description: CommonMigrationStatus defines spec common to different + migration resources + properties: + message: + type: string + phase: + type: string + required: + - message + - phase + type: object + required: + - phase + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_schemaregistries.yaml b/kustomize/base/operator/crds/platform.confluent.io_schemaregistries.yaml new file mode 100644 index 0000000..5d5723a --- /dev/null +++ b/kustomize/base/operator/crds/platform.confluent.io_schemaregistries.yaml 
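Review bot: In the MigrationJob spec that ends here, `skipCleanup` and `skipRollback` are declared as bare `type: boolean` with no description and no default, even though every component's `name` field says the V1 resource "will be deleted once the migration is complete". Anyone reviewing a MigrationJob manifest in Git cannot tell from this schema what state is left behind when either flag is set, or what a failed migration does when rollback is skipped. Please add a description to each flag stating what it skips and what applies when it is omitted, or document that in the README next to the migration instructions. A smaller point on the tail of the same file: the top-level `status:` stanza (`acceptedNames` with empty `kind` and `plural`, `conditions: []`, `storedVersions: []`) is server-owned and carries no desired state, so it can be dropped from the committed CRD to keep the manifest that Flux reconciles limited to what the repository actually declares.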
@@ -0,0 +1,2333 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: schemaregistries.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.kafka.bootstrapEndpoint + name: Kafka + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: SchemaRegistry + listKind: SchemaRegistryList + plural: schemaregistries + shortNames: + - schemaregistry + - sr + singular: schemaregistry + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: SchemaRegistry is the Schema for the schemaregistries API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SchemaRegistrySpec defines the desired state of SchemaRegistry + properties: + authentication: + description: Authentication defines the rest-endpoint configuration + properties: + basic: + description: Basic defines basic authentication + properties: + directoryPathInContainer: + description: DirectoryPathInContainer allows to pass basic credential + through directory path in a container + minLength: 1 + type: string + restrictedRoles: + description: RestrictedRoles defines restricted roles on the + server side only. Changes will be only reflected in ControlCenter + (C3). This configuration is ignored on the client side configuration + items: + type: string + minItems: 1 + type: array + roles: + description: Role defines list of roles configuration on the + server side only. This configuration is ignored on the client + side configuration + items: + type: string + type: array + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines supported authentication scheme for Rest + Server + enum: + - basic + - mtls + type: string + required: + - type + type: object + authorization: + description: Authorization defines authorization configurations + properties: + kafkaRestClassRef: + description: KafkaRestClassRef defines the reference for KafkaRestClass + which defines Kafka Rest API + properties: + name: + description: Name defines the name of KafkaRestClass + minLength: 1 + type: string + namespace: + description: Namespace defines the namespace of the KafkaRestClass + type: string + required: + - name + type: object + type: + enum: + - rbac + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines 
capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. + items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dependencies: + description: Dependencies defines all the dependencies service configuration + properties: + kafka: + description: Kafka defines kafka dependencies configuration + properties: + authentication: + description: Authentication defines the authentication for the + kafka cluster + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS + configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass + required credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS + configuration. 
+ properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced + for authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + minLength: 1 + pattern: .+:[0-9]+ + type: string + discovery: + description: Discovery defines the discovery capability to discover + kafka cluster + properties: + name: + description: Name is the name of the CP component + type: string + namespace: + description: Namespace defines where CP component is running + Uses the same namespace where Operator is running if not + configured + type: string + secretRef: + description: SecretRef defines the name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLSDependencyConfig defines the client side TLS + setting for kafka cluster + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mds: + description: MDSDependencies defines the RBAC dependencies configurations + properties: + authentication: + description: Authentication defines MDS authentication configuration + properties: + bearer: + description: BearerAuthentication defines bearer authentication + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + type: + description: Type defines the authentication type support + for MDS + enum: + - bearer + type: string + required: + - bearer + - type + type: object + endpoint: + description: Endpoint defines the mds endpoint + minLength: 1 + pattern: ^https?://.* + type: string + tls: + description: ClientTLSConfig defines TLS configuration for CP + 
component (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. CP will not configure truststore.jks + can be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP + component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores + the truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password + key/value format can be found in Confluent Operator + document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced + for certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + tokenKeyPair: + description: TokenKeyPair defines the token keypair to configure + MDS + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: Name of the secret reference + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - authentication + - endpoint + - tokenKeyPair + type: object + type: object + externalAccess: + description: ExternalAccess defines the external access configuration + properties: + ingress: + description: Ingress allows to create a ingress service Not implemented + yet! 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type ingress service + type: object + spec: + description: IngressSpec describes the Ingress the user wishes + to exist. + properties: + backend: + description: A default backend capable of servicing requests + that don't match any rule. At least one of 'backend' or + 'rules' must be specified. This field is optional to allow + the loadbalancer controller or defaulting logic to specify + a global default. + properties: + resource: + description: Resource is an ObjectRef to another Kubernetes + resource in the namespace of the Ingress object. If + resource is specified, serviceName and servicePort + must not be specified. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the referenced service. + x-kubernetes-int-or-string: true + type: object + ingressClassName: + description: IngressClassName is the name of the IngressClass + cluster resource. The associated IngressClass defines + which controller will implement the resource. This replaces + the deprecated `kubernetes.io/ingress.class` annotation. + For backwards compatibility, when that annotation is set, + it must be given precedence over this field. The controller + may emit a warning if the field and annotation have different + values. 
Implementations of this API should ignore Ingresses + without a class specified. An IngressClass resource may + be marked as default, which can be used to set a default + value for this field. For more information, refer to the + IngressClass documentation. + type: string + rules: + description: A list of host rules used to configure the + Ingress. If unspecified, or no rule matches, all traffic + is sent to the default backend. + items: + description: IngressRule represents the rules mapping + the paths under a specified host to the related backend + services. Incoming requests are first evaluated for + a host match, then routed to the backend associated + with the matching IngressRuleValue. + properties: + host: + description: "Host is the fully qualified domain name + of a network host, as defined by RFC 3986. Note + the following deviations from the \"host\" part + of the URI as defined in RFC 3986: 1. IPs are not + allowed. Currently an IngressRuleValue can only + apply to the IP in the Spec of the parent Ingress. + 2. The `:` delimiter is not respected because ports + are not allowed. \t Currently the port of an Ingress + is implicitly :80 for http and \t :443 for https. + Both these may change in the future. Incoming requests + are matched against the host before the IngressRuleValue. + If the host is unspecified, the Ingress routes all + traffic based on the specified IngressRuleValue. + \n Host can be \"precise\" which is a domain name + without the terminating dot of a network host (e.g. + \"foo.bar.com\") or \"wildcard\", which is a domain + name prefixed with a single wildcard label (e.g. + \"*.foo.com\"). The wildcard character '*' must + appear by itself as the first DNS label and matches + only a single label. You cannot have a wildcard + label by itself (e.g. Host == \"*\"). Requests will + be matched against the Host field in the following + way: 1. If Host is precise, the request matches + this rule if the http host header is equal to Host. + 2. 
If Host is a wildcard, then the request matches + this rule if the http host header is to equal to + the suffix (removing the first label) of the wildcard + rule." + type: string + http: + description: 'HTTPIngressRuleValue is a list of http + selectors pointing to backends. In the example: + http:///? -> backend where + where parts of the url correspond to RFC 3986, this + resource will be used to match against everything + after the last ''/'' and before the first ''?'' + or ''#''.' + properties: + paths: + description: A collection of paths that map requests + to backends. + items: + description: HTTPIngressPath associates a path + with a backend. Incoming urls matching the + path are forwarded to the backend. + properties: + backend: + description: Backend defines the referenced + service endpoint to which the traffic + will be forwarded to. + properties: + resource: + description: Resource is an ObjectRef + to another Kubernetes resource in + the namespace of the Ingress object. + If resource is specified, serviceName + and servicePort must not be specified. + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any other + third-party types, APIGroup is + required. + type: string + kind: + description: Kind is the type of + resource being referenced + type: string + name: + description: Name is the name of + resource being referenced + type: string + required: + - kind + - name + type: object + serviceName: + description: Specifies the name of the + referenced service. + type: string + servicePort: + anyOf: + - type: integer + - type: string + description: Specifies the port of the + referenced service. + x-kubernetes-int-or-string: true + type: object + path: + description: Path is matched against the + path of an incoming request. 
Currently + it can contain characters disallowed from + the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin + with a '/'. When unspecified, all paths + from incoming requests are matched. + type: string + pathType: + description: 'PathType determines the interpretation + of the Path matching. PathType can be + one of the following values: * Exact: + Matches the URL path exactly. * Prefix: + Matches based on a URL path prefix split + by ''/''. Matching is done on a path + element by element basis. A path element + refers is the list of labels in the + path split by the ''/'' separator. A request + is a match for path p if every p is + an element-wise prefix of p of the request + path. Note that if the last element of + the path is a substring of the last + element in request path, it is not a match + (e.g. /foo/bar matches /foo/bar/baz, + but does not match /foo/barbaz). * ImplementationSpecific: + Interpretation of the Path matching is + up to the IngressClass. Implementations + can treat this as a separate PathType or + treat it identically to Prefix or Exact + path types. Implementations are required + to support all path types. Defaults to + ImplementationSpecific.' + type: string + required: + - backend + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: TLS configuration. Currently the Ingress only + supports a single TLS port, 443. If multiple members of + this list specify different hosts, they will be multiplexed + on the same port according to the hostname specified through + the SNI TLS extension, if the ingress controller fulfilling + the ingress supports SNI. + items: + description: IngressTLS describes the transport layer + security associated with an Ingress. + properties: + hosts: + description: Hosts are a list of hosts included in + the TLS certificate. The values in this list must + match the name/s used in the tlsSecret. 
Defaults + to the wildcard host setting for the loadbalancer + controller fulfilling this Ingress, if left unspecified. + items: + type: string + type: array + secretName: + description: SecretName is the name of the secret + used to terminate TLS traffic on port 443. Field + is left optional to allow TLS routing based on SNI + hostname alone. If the SNI host in a listener conflicts + with the "Host" header field used by an IngressRule, + the SNI host is used for termination and value of + the Host header is used for routing. + type: string + type: object + type: array + type: object + required: + - spec + type: object + loadBalancer: + description: LoadBalancer allows to create a kubernetes load balancer + service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type load balancer + type: object + domain: + description: Domain allows to configure domain name for the + cluster. + minLength: 1 + type: string + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + loadBalancerSourceRanges: + description: LoadBalancerSourceRanges allows configuring source + range + items: + type: string + type: array + port: + description: Port allows to configure external port for client + consumption If not configured, same internal/external port + will be configured per component Information about the port + can be retrieved through status API + format: int32 + type: integer + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. 
+ properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. + type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). 
This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - domain + type: object + nodePort: + description: NodePort allows to create a kubernetes node port service + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the kubernetes + service type node port + type: object + externalTrafficPolicy: + description: ExternalTrafficPolicy allows to configure Service + External Traffic Policy + enum: + - Local + - Cluster + type: string + host: + minLength: 1 + type: string + nodePortOffset: + description: NodePortOffset configures the node port offset + to be used and will go in the increasing order with respect + to the replicas count + format: int32 + maximum: 32767 + minimum: 30000 + type: integer + servicePorts: + description: ServicePorts allows to specify user-provided service + port(s) + items: + description: ServicePort contains information on service's + port. + properties: + appProtocol: + description: The application protocol for this port. This + field follows standard Kubernetes label syntax. Un-prefixed + names are reserved for IANA standard service names (as + per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such + as mycompany.com/my-custom-protocol. Field can be enabled + with ServiceAppProtocol feature gate. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. When considering the endpoints + for a Service, this must match the 'name' field in the + EndpointPort. Optional if only one ServicePort is defined + on this service. 
+ type: string + nodePort: + description: 'The port on each node on which this service + is exposed when type=NodePort or LoadBalancer. Usually + assigned by the system. If specified, it will be allocated + to the service if unused or else creation of the service + will fail. Default is to auto-allocate a port if the + ServiceType of this Service requires one. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports "TCP", + "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: 'Number or name of the port to access on + the pods targeted by the service. Number must be in + the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named + port in the target Pod''s container ports. If this is + not specified, the value of the ''port'' field is used + (an identity map). This field is ignored for services + with clusterIP=None, and should be omitted or set equal + to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + required: + - host + - nodePortOffset + type: object + route: + description: Route allows to create a route service for OpenShift + Platform + properties: + annotations: + additionalProperties: + type: string + description: Annotations allows to add annotations for the OpenShift + service type route + type: object + domain: + description: Domain allows to configure domain name for the + cluster. 
+ minLength: 1 + type: string + prefix: + description: Prefix will add prefix when configured for the + given domain If prefix is not configured, the name of the + cluster will be used as a default value + minLength: 1 + type: string + wildcardPolicy: + description: WildcardPolicy allows wild card polices. It defaults + to None if not configured + enum: + - Subdomain + - None + type: string + required: + - domain + type: object + type: + description: Type defines supported kubernetes external services + enum: + - loadBalancer + - nodePort + - route + minLength: 1 + type: string + required: + - type + type: object + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. 
All the internal labels is preserved and forbidden + to override. For pod labels, use podTemplate.labels + type: object + internalTopicReplicatorFactor: + format: int32 + minimum: 1 + type: integer + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: Storage defines + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + telemetry: + description: ConfluentTelemetry defines the confluent telemetry reporter + configuration + properties: + global: + description: Global will allow disabling telemetry configuration. + If Operator is deployed with telemetry, this field is only is + used to disabled. By default the value is true if telemetry is + enabled in global level. 
+ type: boolean + type: object + tls: + description: TLS defines tls configuration for rest-endpoint + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. + type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - image + - replicas + type: object + status: + description: SchemaRegistryStatus defines the observed state of SchemaRegistry + properties: + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. 
+ properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. + format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + groupId: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. 
+ items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + kafka: + description: KafkaClientInfoStatus defines the kafka client side status + for all CP component + properties: + authenticationType: + description: AuthenticationType defines the authentication type + for kafka + type: string + bootstrapEndpoint: + description: BootstrapEndpoint defines the kafka bootstrap endpoint + type: string + tls: + description: TLS defines if tls is enabled for kafka dependency + type: boolean + type: object + metricPrefix: + type: string + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + rbac: + description: RBACInfoStatus defines RBAC related status when RBAC is + enabled + properties: + clusterId: + description: ClusterId defines the id of cluster + type: string + internalRolebindings: + description: RolebindingState defines the state of internal rolebindings + items: + type: string + type: array + type: object + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + restConfig: + description: ListenerStatus describes general information about a listeners + properties: + advertisedExternalEndpoints: + description: AdvertisedExternalEndpoints defines other advertised + endpoints, especially use for kafka + items: + type: string + type: array + authenticationType: + description: AuthenticationType defines authentication type configured + by a listener + type: string + externalEndpoint: + description: ExternalEndpoint defines the external endpoint to connect + to the service + type: string + internalEndpoint: + description: InternalEndpoint defines the internal endpoint 
to connect + to the service + type: string + tls: + description: TLS defines whether tls is configured by a listener + type: boolean + type: object + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_zookeepers.yaml b/kustomize/base/operator/crds/platform.confluent.io_zookeepers.yaml new file mode 100644 index 0000000..e8c7c7b --- /dev/null +++ b/kustomize/base/operator/crds/platform.confluent.io_zookeepers.yaml 
@@ -0,0 +1,1551 @@ + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: zookeepers.platform.confluent.io +spec: + additionalPrinterColumns: + - JSONPath: .status.replicas + name: Replicas + type: string + - JSONPath: .status.readyReplicas + name: Ready + type: string + - JSONPath: .status.phase + name: Status + type: string + - JSONPath: .metadata.creationTimestamp + name: Age + type: date + - JSONPath: .status.endpoint + name: Endpoint + priority: 1 + type: string + group: platform.confluent.io + names: + categories: + - all + - confluent-platform + - confluent + kind: Zookeeper + listKind: ZookeeperList + plural: zookeepers + shortNames: + - zookeeper + - zk + singular: zookeeper + preserveUnknownFields: false + scope: Namespaced + subresources: + scale: + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} + validation: + openAPIV3Schema: + description: Zookeeper is the Schema for the zookeepers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ZookeeperSpec defines the desired state of Confluent Platform + (CP) component, Zookeeper + properties: + authentication: + description: Authentication defines support authentication configuration + properties: + jaasConfig: + description: JaaS defines opinionated CP component's JaaS configuration. + properties: + secretRef: + description: SecretRef defines secret reference to pass required + credentials + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + jaasConfigPassThrough: + description: JaaSPassThrough user provided complete JaaS configuration. + properties: + directoryPathInContainer: + minLength: 1 + type: string + secretRef: + description: SecretRef defines the secret name referenced for + authentication + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + principalMappingRules: + items: + type: string + type: array + type: + description: Type defines supported kafka authentication types + enum: + - plain + - oauthbearer + - scram + - digest + - kerberos + - mtls + type: string + required: + - type + type: object + configOverrides: + description: ConfigurationOverrides defines capability to override server/jvm/log4j + properties for each Confluent platform component. Change will roll + the cluster + properties: + jvm: + description: JVM defines a list of jvm configuration supported by + application. This will either add or update existing configuration + items: + type: string + type: array + log4j: + description: Log4j defines a list of log4J configuration supported + by application. This will either add or update existing configuration. 
+ items: + type: string + type: array + server: + description: server is list of server configuration supported by + application. This will either add or update existing configuration. + items: + type: string + type: array + type: object + dataVolumeCapacity: + anyOf: + - type: integer + - type: string + description: DataVolumeCapacity defines the data volume size + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + image: + description: Image defines application and init docker image configuration. + Change will roll the cluster + properties: + application: + description: Application defines application docker image name + pattern: .+:.+ + type: string + init: + description: Init defines init-container name + pattern: .+:.+ + type: string + pullSecretRef: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods that + reference this ServiceAccount. ImagePullSecrets are distinct from + Secrets because Secrets can be mounted in the pod, but ImagePullSecrets + are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + type: string + type: array + required: + - application + - init + type: object + injectAnnotations: + additionalProperties: + type: string + description: InjectAnnotations annotations are injected to all the internal + resources created by Operator. All the internal annotations is preserved + and forbidden to override. For pod annotations, use podTemplate.annotations + type: object + injectLabels: + additionalProperties: + type: string + description: InjectLabels labels are injected to all the internal resources + created by Operator. All the internal labels is preserved and forbidden + to override. 
For pod labels, use podTemplate.labels + type: object + k8sClusterDomain: + description: K8SClusterDomain defines configuring kubernetes cluster + domain if required. If this setting is not configured it will default + to cluster.local domain. + type: string + license: + description: License defines license configuration for Confluent platform + component + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where license key is mounted. More information about + the usage be found in Confluent Operator document. + minLength: 1 + type: string + globalLicense: + description: GlobalLicense specifies whether operator pod license + will be used for this component If enabled then Confluent platform + component shares Confluent Operator license. + type: boolean + secretRef: + description: SecretRef is secret reference which provides license + for CP component More information about the license key struct + can be found in Confluent Operator document. 
+ maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + logVolumeCapacity: + anyOf: + - type: integer + - type: string + description: LogVolumeCapacity defines the log volume size + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + metrics: + description: Metrics specifies the security settings for metric services + properties: + authentication: + description: Metrics security authentication + properties: + type: + enum: + - mtls + type: string + required: + - type + type: object + prometheus: + description: Override for jmx-prometheus exporter configs + properties: + blacklist: + items: + type: string + type: array + rules: + items: + description: Prometheus exporter rule override + properties: + attrNameSnakeCase: + minLength: 1 + type: string + cache: + minLength: 1 + type: string + help: + minLength: 1 + type: string + labels: + additionalProperties: + type: string + type: object + name: + minLength: 1 + type: string + pattern: + minLength: 1 + type: string + type: + minLength: 1 + type: string + value: + minLength: 1 + type: string + valueFactor: + minLength: 1 + type: string + type: object + type: array + whitelist: + items: + type: string + type: array + type: object + tls: + description: ClientTLSConfig defines TLS configuration for CP component + (dependencies, listeners). + properties: + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory + path in container where keystore/truststore.jks/jksPassword.txt + keys are mounted. 
CP will not configure truststore.jks can + be ignored with IgnoreTrustStoreConfig field + minLength: 1 + type: string + enabled: + description: Enabled enables the TLS configuration for CP component + type: boolean + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the + truststore configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced + for jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced + for jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for + certificates More information about certificates key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - enabled + type: object + type: object + mountedSecrets: + description: MountedSecrets defines list of secrets reference injected + to the the underlying statefulset configuration. The secret reference + is mounted secret mounted in default path /mnt/secrets/. + The underlying resources will follow the secret as a file configuration + as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod + Change will roll the cluster + items: + description: MountedSecrets allows provides a way to inject custom + secret to underlying statefulset. + properties: + keyItems: + description: keyItems is list of key and path names + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits to use on this file, must + be a value between 0 and 0777. If not specified, the volume + defaultMode will be used. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key + to. May not be an absolute path. May not contain the path + element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + secretRef: + description: SecretRef defines the secret name referenced + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + type: array + oneReplicaPerNode: + description: OneReplicaPerNode enforces to run 1 pod per node through + pod anti-affinity capability. Enabling this configuration in existing + cluster will roll. Change will roll the cluster + type: boolean + podTemplate: + description: PodTemplate defines some statefulset pod template configuration + properties: + affinity: + description: 'Affinity is a group of affinity scheduling rules. + More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + annotations: + additionalProperties: + type: string + description: 'Annotations defines an unstructured key value map + stored with a resource that may be set by external tools to store + and retrieve arbitrary metadata. They are not queryable and should + be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + envVars: + description: 'EnvVars defines the collection of EnvVar to inject + into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the + container and any service environment variables. If a variable + cannot be resolved, the reference in the input string will + be unchanged. The $(VAR_NAME) syntax can be escaped with + a double $$, ie: $$(VAR_NAME). Escaped references will never + be expanded, regardless of whether the variable exists or + not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, metadata.labels, metadata.annotations, + spec.nodeName, spec.serviceAccountName, status.hostIP, + status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Labels defines map of string keys and values that + can be used to organize and categorize (scope and select) objects. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + podSecurityContext: + description: PodSecurityContext holds pod-level security attributes + and common container settings. Some fields are also present in + container.securityContext. 
Field values of container.securityContext + take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified defaults to "Always".' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. 
Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to + the container. + type: string + role: + description: Role is a SELinux role label that applies to + the container. + type: string + type: + description: Type is a SELinux type label that applies to + the container. + type: string + user: + description: User is a SELinux user label that applies to + the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. 
If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + priorityClassName: + description: PriorityClassName defines priority class for the pod + (if any). + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + probe: + description: Probe defines some fields of standard kubernetes readiness/liveness + probe configuration. + properties: + liveness: + description: Liveness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. 
+ CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + readiness: + description: Readiness allows to configure some some probe configuration + The changes will override the existing default configuration + properties: + failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. CP component + comes with right configuration, not required to change + most of the time + format: int32 + type: integer + initialDelaySeconds: + description: Number of seconds after the container has started + before probes are initiated. CP component comes with right + configuration, not required to change most of the time + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + CP component comes with right configuration, not required + to change most of the time + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. + format: int32 + type: integer + timeoutSeconds: + description: Number of seconds after which the probe times + out. CP component comes with right configuration, not + required to change most of the time + format: int32 + type: integer + type: object + type: object + resources: + description: ResourceRequirements describes the compute resource + requirements. 
+ properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + terminationGracePeriodSeconds: + description: TerminationGracePeriodSeconds defines grace period + for pod deletion + format: int64 + type: integer + tolerations: + description: Tolerations defines The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator . + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: Replicas is the desired number of replicas of the given + Template. Change will roll the cluster + format: int32 + type: integer + storageClass: + description: StorageClass defines the user provided storage class. If + not configured, it will use default storage class. + properties: + name: + description: Name defines name is the storage class reference name + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + tls: + description: TLS defines TLS setting + properties: + autoGeneratedCerts: + description: AutoGenerated if configures generates the certificates + based on the CA key pair provided. 
+ type: boolean + directoryPathInContainer: + description: DirectoryPathInContainer contains the directory path + in container where keystore/truststore.jks/jksPassword.txt keys + are mounted. CP will not configure truststore.jks can be ignored + with IgnoreTrustStoreConfig field + minLength: 1 + type: string + ignoreTrustStoreConfig: + description: IgnoreTrustStoreConfig when configure ignores the truststore + configuration for CP component + type: boolean + jksPassword: + description: JksPassword defines the secret name referenced for + jks password + properties: + secretRef: + description: SecretRef defines the secret name referenced for + jks password More information about jks password key/value + format can be found in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - secretRef + type: object + secretRef: + description: SecretRef defines the secret name referenced for certificates + More information about certificates key/value format can be found + in Confluent Operator document + maxLength: 30 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + required: + - dataVolumeCapacity + - image + - logVolumeCapacity + - replicas + type: object + status: + description: ZookeeperStatus defines the observed state of Zookeeper + properties: + authenticationType: + type: string + authorizationType: + type: string + clusterName: + description: ClusterName defines the name of the cluster + type: string + clusterNamespace: + description: ClusterNamespace provides the namespace where cluster is + running + type: string + conditions: + items: + description: Conditions represents the latest available observations + of a statefulset's current state. + properties: + lastProbeTime: + description: LastProbeTime defines a last time the condition is + evaluated. 
+ format: date-time + type: string + lastTransitionTime: + description: LastTransitionTime defines a last time the condition + transitioned from one status to another. + format: date-time + type: string + message: + description: ' Message defines a human readable message indicating + details about the transition.' + type: string + reason: + description: ' Reason defines reason for the condition''s last + transition.' + type: string + status: + description: Status defines a status of the condition, one of + True, False, Unknown + type: string + type: + description: Type defines type of condition + type: string + type: object + type: array + currentReplicas: + description: CurrentReplicas defines current running replicas + format: int32 + type: integer + endpoint: + type: string + internalSecrets: + description: InternalSecrets defines the list of internal secrets created + by Operator for each CP component. + items: + type: string + type: array + internalTopicNames: + description: InternalTopicNames is a list of topics used by the component + for internal use + items: + type: string + type: array + operatorVersion: + description: OperatorVersion defines the internal version of operator + type: string + phase: + description: Phase defines the state of the CP component + type: string + readyReplicas: + description: ReadyReplicas defines current ready replicas + format: int32 + type: integer + replicas: + description: Replicas defines replicas + format: int32 + type: integer + tls: + type: boolean + type: object + required: + - spec + type: object + version: v1beta1 + versions: + - name: v1beta1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/kustomize/base/operator/kustomization.yaml b/kustomize/base/operator/kustomization.yaml new file mode 100644 index 0000000..ffceabe --- /dev/null +++ b/kustomize/base/operator/kustomization.yaml 
@@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - crds + - resources \ No newline at end of file diff --git a/kustomize/base/operator/resources/clusterrole.yaml b/kustomize/base/operator/resources/clusterrole.yaml new file mode 100644 index 0000000..e933d3a --- /dev/null +++ b/kustomize/base/operator/resources/clusterrole.yaml 
@@ -0,0 +1,116 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + meta.helm.sh/release-name: confluent + meta.helm.sh/release-namespace: production + labels: + app: confluent-for-kubernetes + app.kubernetes.io/component: confluent-operator + app.kubernetes.io/instance: confluent + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: confluent-for-kubernetes + helm.sh/chart: confluent-for-kubernetes-0.174.6 + helm.toolkit.fluxcd.io/name: confluent + helm.toolkit.fluxcd.io/namespace: production + name: confluent-operator-global +rules: + - apiGroups: + - cluster.confluent.com + resources: + - zookeeperclusters + - zookeeperclusters/status + - zookeeperclusters/scale + - zookeeperclusters/finalizers + - kafkaclusters + - kafkaclusters/status + - kafkaclusters/scale + - kafkaclusters/finalizers + verbs: + - '*' + - apiGroups: + - operator.confluent.cloud + resources: + - physicalstatefulclusters + - physicalstatefulclusters/scale + - physicalstatefulclusters/status + - physicalstatefulclusters/finalizers + verbs: + - '*' + - apiGroups: + - platform.confluent.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - apps + resources: + - statefulsets + - statefulsets/scale + - statefulsets/status + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps + - events + - persistentvolumeclaims + - secrets + - secrets/finalizers + - pods + - pods/exec + - services + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - ingresses/status + verbs: + - get + - list + - watch 
+ - create + - update + - patch + - delete diff --git a/kustomize/base/operator/resources/clusterrolebinding.yaml b/kustomize/base/operator/resources/clusterrolebinding.yaml new file mode 100644 index 0000000..23c5f6c --- /dev/null +++ b/kustomize/base/operator/resources/clusterrolebinding.yaml @@ -0,0 +1,19 @@ +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + app: confluent-for-kubernetes + app.kubernetes.io/name: confluent-for-kubernetes + app.kubernetes.io/instance: confluent + app.kubernetes.io/managed-by: git + app.kubernetes.io/component: confluent-operator + helm.sh/chart: confluent-for-kubernetes-0.174.6 + name: confluent-operator-global +subjects: +- kind: ServiceAccount + name: confluent-for-kubernetes + namespace: production +roleRef: + kind: Role + name: confluent-operator-global + apiGroup: rbac.authorization.k8s.io diff --git a/kustomize/base/operator/resources/deployment.yaml b/kustomize/base/operator/resources/deployment.yaml new file mode 100644 index 0000000..2c731ba --- /dev/null +++ b/kustomize/base/operator/resources/deployment.yaml 
@@ -0,0 +1,95 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: "confluent-for-kubernetes" + app.kubernetes.io/name: "confluent-for-kubernetes" + app.kubernetes.io/instance: "confluent" + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: "confluent-for-kubernetes-0.174.6" + name: confluent-operator-global +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/instance: confluent + app.kubernetes.io/name: confluent-operator + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + prometheus.io/path: "/metrics" + prometheus.io/port: "7778" + prometheus.io/scrape: "true" + labels: + app: "confluent-operator" + app.kubernetes.io/name: "confluent-operator" + app.kubernetes.io/instance: "confluent" + confluent-platform: "true" + version: "0.174.6" + spec: + containers: + - args: + - --debug=false + - --namespaces=production + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: NODEIP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: DD_ENTITY_ID + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.uid + image: docker.io/confluentinc/confluent-operator:0.174.6 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: confluent-operator-global + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 8080 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 256Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: + fsGroup: 1001 + 
runAsNonRoot: true + runAsUser: 1001 + serviceAccount: confluent-for-kubernetes + serviceAccountName: confluent-for-kubernetes + terminationGracePeriodSeconds: 30 \ No newline at end of file diff --git a/kustomize/base/operator/resources/kustomization.yaml b/kustomize/base/operator/resources/kustomization.yaml new file mode 100644 index 0000000..aff33c3 --- /dev/null +++ b/kustomize/base/operator/resources/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - clusterrole.yaml + - clusterrolebinding.yaml + - deployment.yaml + - service.yaml + - serviceaccount.yaml diff --git a/kustomize/base/operator/resources/service.yaml b/kustomize/base/operator/resources/service.yaml new file mode 100644 index 0000000..e527612 --- /dev/null +++ b/kustomize/base/operator/resources/service.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: "confluent-for-kubernetes" + app.kubernetes.io/name: "confluent-for-kubernetes" + app.kubernetes.io/instance: "confluent" + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: "confluent-for-kubernetes-0.174.6" + name: "confluent-operator" +spec: + ports: + - name: http-metric + port: 7778 + protocol: TCP + targetPort: 7778 + selector: + app: "confluent-operator" + app.kubernetes.io/name: "confluent-operator" + type: ClusterIP + diff --git a/kustomize/base/operator/resources/serviceaccount.yaml b/kustomize/base/operator/resources/serviceaccount.yaml new file mode 100644 index 0000000..cf95403 --- /dev/null +++ b/kustomize/base/operator/resources/serviceaccount.yaml 
@@ -0,0 +1,14 @@ +apiVersion: v1 +imagePullSecrets: +- name: "confluent-registry" +kind: ServiceAccount +metadata: + labels: + app: "confluent-for-kubernetes" + app.kubernetes.io/name: "confluent-for-kubernetes" + app.kubernetes.io/instance: "confluent" + app.kubernetes.io/managed-by: "Helm" + app.kubernetes.io/component: "confluent-operator" + helm.sh/chart: "confluent-for-kubernetes-0.174.6" + name: confluent-for-kubernetes + diff --git a/kustomize/base/secrets/c3-mds-client.yaml b/kustomize/base/secrets/c3-mds-client.yaml index 3d6d429..d88f450 100644 --- a/kustomize/base/secrets/c3-mds-client.yaml +++ b/kustomize/base/secrets/c3-mds-client.yaml @@ -1,5 +1,6 @@ apiVersion: v1 data: + basic.txt: dXNlcm5hbWU9YzMKcGFzc3dvcmQ9YzMtc2VjcmV0Cg== bearer.txt: dXNlcm5hbWU9YzMKcGFzc3dvcmQ9YzMtc2VjcmV0Cg== kind: Secret metadata: diff --git a/kustomize/base/secrets/confluent-license.yaml b/kustomize/base/secrets/confluent-license.yaml new file mode 100644 index 0000000..42d6e30 --- /dev/null +++ b/kustomize/base/secrets/confluent-license.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +data: + license.txt: 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 + publicKey.pem: 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 +kind: Secret +metadata: + name: confluent-operator-licensing diff --git a/kustomize/base/secrets/connect-mds-client.yaml b/kustomize/base/secrets/connect-mds-client.yaml index 3adbc0b..19f5229 100644 --- a/kustomize/base/secrets/connect-mds-client.yaml +++ b/kustomize/base/secrets/connect-mds-client.yaml @@ -3,5 +3,4 @@ data: bearer.txt: dXNlcm5hbWU9Y29ubmVjdApwYXNzd29yZD1jb25uZWN0LXNlY3JldAo= kind: Secret metadata: - creationTimestamp: null name: connect-mds-client diff --git a/kustomize/base/secrets/kustomization.yaml b/kustomize/base/secrets/kustomization.yaml index 43da054..5f21d00 100644 --- a/kustomize/base/secrets/kustomization.yaml +++ b/kustomize/base/secrets/kustomization.yaml 
@@ -3,6 +3,7 @@ kind: Kustomization resources: - ca-pair.yaml - c3-mds-client.yaml + - confluent-license.yaml - connect-mds-client.yaml - credential.yaml - ksqldb-mds-client.yaml diff --git a/kustomize/environments/production/control-centre.yaml b/kustomize/environments/production/control-centre.yaml index a67a214..9a3a67e 100644 --- a/kustomize/environments/production/control-centre.yaml +++ b/kustomize/environments/production/control-centre.yaml @@ -10,4 +10,12 @@ spec: kafka: bootstrapEndpoint: kafka.production.svc.cluster.local:9071 mds: - endpoint: https://kafka.production.svc.cluster.local:8090 \ No newline at end of file + endpoint: https://kafka.production.svc.cluster.local:8090 + connect: + - name: connect + url: https://connect.production.svc.cluster.local:8083 + ksqldb: + - name: ksqldb + url: https://ksqldb.production.svc.cluster.local:8088 + schemaRegistry: + url: https://registry.production.svc.cluster.local:8081 diff --git a/kustomize/environments/production/schema-registry.yaml b/kustomize/environments/production/schema-registry.yaml index 0264051..afea6b4 100644 --- a/kustomize/environments/production/schema-registry.yaml +++ b/kustomize/environments/production/schema-registry.yaml @@ -6,6 +6,10 @@ metadata: spec: tls: secretRef: tls-group1 + configOverrides: + server: + - confluent.schema.registry.anonymous.principal=true + - authentication.skip.paths=/* dependencies: kafka: bootstrapEndpoint: kafka.production.svc.cluster.local:9071 diff --git a/kustomize/infrastructure/confluent-operator-helm-release-confluent.yaml b/kustomize/infrastructure/confluent-operator-helm-release-confluent.yaml new file mode 100644 index 0000000..6d2989f --- /dev/null +++ b/kustomize/infrastructure/confluent-operator-helm-release-confluent.yaml 
@@ -0,0 +1,19 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: confluent + namespace: confluent +spec: + interval: 1m + chart: + spec: + chart: confluent-for-kubernetes + sourceRef: + kind: HelmRepository + name: confluent-private + namespace: flux-system + values: + image: + registry: docker.io + rbac: true + name: confluent-operator-global \ No newline at end of file diff --git a/kustomize/infrastructure/confluent-operator-helm-release-production.yaml b/kustomize/infrastructure/confluent-operator-helm-release-production.yaml index d8336cb..3f16b0c 100644 --- a/kustomize/infrastructure/confluent-operator-helm-release-production.yaml +++ b/kustomize/infrastructure/confluent-operator-helm-release-production.yaml @@ -14,4 +14,8 @@ spec: namespace: flux-system values: image: - registry: docker.io \ No newline at end of file + registry: docker.io + name: confluent-operator-global + rbac: true + namespaced: true + namespaceList: ["dev", "production", "confluent"] diff --git a/kustomize/infrastructure/kustomization.yaml b/kustomize/infrastructure/kustomization.yaml index 1224293..ffd02fd 100644 --- a/kustomize/infrastructure/kustomization.yaml +++ b/kustomize/infrastructure/kustomization.yaml @@ -4,6 +4,7 @@ resources: - namespaces.yaml - proxy.yaml - ldap.yaml - - confluent-operator-credentials.yaml - - confluent-operator-helm-release-dev.yaml - - confluent-operator-helm-release-production.yaml \ No newline at end of file +# - confluent-operator-credentials.yaml +# - confluent-operator-helm-release-dev.yaml +# - confluent-operator-helm-release-production.yaml +# - confluent-operator-helm-release-confluent.yaml \ No newline at end of file diff --git a/resources/application-secrets/licensing/license-key.txt b/resources/application-secrets/licensing/license-key.txt new file mode 100644 index 0000000..122a234 --- /dev/null +++ b/resources/application-secrets/licensing/license-key.txt 
@@ -0,0 +1 @@ +eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJvcGVyYXRvci10cmlhbCIsImV4cCI6MTYyNDQ0MzUzNSwiaWF0IjoxNjIxODUxNTM1LCJpc3MiOiJDb25mbHVlbnQiLCJzdWIiOiJjb250cm9sLWNlbnRlciJ9.kjMg_0JoA9xjnmCQqgyVADoFhyY66IJQfe3kmOL1rX2tIfrMWcGAzOyiuWayVV2CkB0M7OLYKuWrUtv7Du9G6X2gGCmwHUE7cyn0wIqfoNnYjNpFVIMjFz6PTL2hldYLBR1owisGB82D-e5NxwO76Dnvmswl50HW7nradYv2q9y5s5ALAYpMUotFciQwznTcZlGowf8I8PgN9IT_JyjPzO2JpDbc0mhrjZSNdpmySr3pTen6WhleAE4CuIwASBaaurkrFTkSe1MDVRQfxKT0jWFIv1A_jy-ZJGIrDVCz3d_xQ69H1_dmh3FKkUwDlNkvEa6wjip9T5QhGSnrMyH-Hw \ No newline at end of file diff --git a/resources/application-secrets/licensing/license-pem.txt b/resources/application-secrets/licensing/license-pem.txt new file mode 100644 index 0000000..bdd4a81 --- /dev/null +++ b/resources/application-secrets/licensing/license-pem.txt @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvaGy8TOdbCMySM7zqZsx +n62yuE+BhIPlc9z9ctrX+tBWNCCJePZbKHTZS9uKLeKUi9u07ts/35XRnE4ATD6q +lwjnSoJOkeIXcYiJ+XGExN1oRE8Rl5otvdmJEsb9Y6Jsfe2lRCCsZNx6k1s1NmQF +R4wnRiKylIiYJ9uWUGfH18JKZqM8z9QqkZ/+zQkzHNYsXn/YyRuDIQXeUSechr93 +Jjt79AikskicoT04lqz/GaHz2WJEyuvLLE1jNBOComKl05Qb+yvJmGnt/7HX6HT7 +3hnCXbslwtzp0CmeGOiJRbJxbahkTFqh1oKqZXUDCZrKCNNRvXqN/QHqnawo6kJy +8wIDAQAB +-----END PUBLIC KEY----- \ No newline at end of file diff --git a/resources/application-secrets/populate_secrets.sh b/resources/application-secrets/populate_secrets.sh index 2616349..3992946 100755 --- a/resources/application-secrets/populate_secrets.sh +++ b/resources/application-secrets/populate_secrets.sh @@ -22,6 +22,7 @@ kubectl create secret generic mds-client \ # Control Center RBAC credential kubectl create secret generic c3-mds-client \ --from-file=bearer.txt=./users/c3-mds-client.txt \ +--from-file=basic.txt=./users/c3-mds-client.txt \ --dry-run=client --output=yaml > ../../kustomize/base/secrets/c3-mds-client.yaml # Connect RBAC credential kubectl create secret generic connect-mds-client \ 
@@ -40,4 +41,10 @@ kubectl create secret generic rest-credential \ --from-file=bearer.txt=./users/bearer.txt \ --from-file=basic.txt=./users/bearer.txt \ --from-file=plain.txt=./users/bearer.txt \ ---dry-run=client --output=yaml > ../../kustomize/base/secrets/rest-credential.yaml \ No newline at end of file +--dry-run=client --output=yaml > ../../kustomize/base/secrets/rest-credential.yaml + +# Confluent licensing +kubectl create secret generic confluent-operator-licensing \ +--from-file=license.txt=./licensing/license-key.txt \ +--from-file=publicKey.pem=./licensing/license-pem.txt \ +--dry-run=client --output=yaml > ../../kustomize/base/secrets/confluent-license.yaml \ No newline at end of file From 35a9091690cf6a4e97381df6187521bf1a4147e2 Mon Sep 17 00:00:00 2001 
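Review bot: In kustomize/base/operator/resources/clusterrole.yaml the core-group rule grants `secrets` and `pods/exec` with the full get/list/watch/create/update/patch/delete set, and the three Confluent API groups use `verbs: '*'` (with `resources: '*'` for platform.confluent.io). Whoever holds the confluent-for-kubernetes service account token can read every Secret in the namespace and exec into any pod there. Suggest listing the verbs the operator actually needs instead of `'*'` and confirming whether `pods/exec` is required at all. The file is also named clusterrole.yaml while `kind` is `Role`; renaming it to role.yaml would stop readers misjudging the scope.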
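Review bot: kustomize/base/operator/resources/clusterrolebinding.yaml declares `kind: RoleBinding` with no `metadata.namespace`, while the subject is hard-coded to `namespace: production`. If this base is applied into any other namespace, the binding hands the production service account the Role's rights in that namespace. Suggest setting the binding's namespace explicitly, or leaving the subject namespace for the overlay to set. The label `app.kubernetes.io/managed-by: git` here also disagrees with `Helm` on the sibling resources; pick one.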
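Review bot: The container in kustomize/base/operator/resources/deployment.yaml has no `securityContext` of its own; only the pod-level `fsGroup`, `runAsNonRoot` and `runAsUser` are set. Suggest adding `allowPrivilegeEscalation: false` and `capabilities: drop: ["ALL"]` on the container, plus `readOnlyRootFilesystem: true` if the operator tolerates it. `serviceAccount` duplicates `serviceAccountName` and can be dropped, and the image is referenced by tag (`0.174.6`) rather than by digest.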
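Review bot: The `basic.txt` value added to kustomize/base/secrets/c3-mds-client.yaml is a base64-encoded credential, and base64 is an encoding, not encryption, so the Control Center MDS username and password are readable by anyone with access to the repository or its history. Suggest keeping generated Secret manifests out of the tracked base or encrypting them before commit (Flux's kustomize-controller can decrypt SOPS-encrypted Secrets), and treating this credential as exposed.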
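Review bot: The `configOverrides` added to kustomize/environments/production/schema-registry.yaml set `authentication.skip.paths=/*` together with `confluent.schema.registry.anonymous.principal=true`, which skips authentication on every Schema Registry path and treats callers as the anonymous principal. This is in the production overlay, so any client that can reach the service can use the registry without credentials. If it is a workaround to get Control Center talking to the registry, say so in a comment and narrow the skipped paths to the ones that need it, or keep the override out of production.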
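Review bot: `spec.chart.spec` in kustomize/infrastructure/confluent-operator-helm-release-confluent.yaml has no `version`, so Flux resolves the newest chart in `confluent-private` and, with `interval: 1m`, rolls it out shortly after it is published. The static manifests in this same patch are labelled confluent-for-kubernetes-0.174.6; pin that version or a bounded semver range so an upstream chart push cannot change the operator without a reviewed commit.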
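Review bot: The four `confluent-operator-*` entries in kustomize/infrastructure/kustomization.yaml are commented out rather than removed, and that includes confluent-operator-helm-release-confluent.yaml, which this patch adds, so the new HelmRelease is never applied. Either delete the entries along with the unused files, or add a comment above them stating why they are disabled and what now installs the operator.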
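Review bot: resources/application-secrets/licensing/license-key.txt commits the license token itself, and the new block in populate_secrets.sh then writes it into kustomize/base/secrets/confluent-license.yaml, so the same value is tracked in two places. Suggest git-ignoring the licensing/ inputs and supplying them at deploy time; the public key in license-pem.txt is fine to keep in the tree.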
From: BoySherman Date: Thu, 1 Jul 2021 16:36:59 +0100 Subject: [PATCH 09/11] Clean up (#6) Striped down kafka-gitops to a more minimal solution (no rbac for example, cleaner code) --- MANUAL_PROCESS.md | 22 - README.md | 213 +- flux-system/gotk-sync.yaml | 12 +- .../base/confluent/ca-pair-sslcerts.yaml | 8 + kustomize/base/confluent/certificates.yaml | 108 - kustomize/base/confluent/control-centre.yaml | 59 +- kustomize/base/confluent/kafka-connect.yaml | 33 +- kustomize/base/confluent/kafka.yaml | 110 +- kustomize/base/confluent/ksqldb.yaml | 27 - kustomize/base/confluent/kustomization.yaml | 2 +- kustomize/base/confluent/rest-class.yaml | 9 + kustomize/base/confluent/rest-proxy.yaml | 192 - kustomize/base/confluent/schema-registry.yaml | 26 +- kustomize/base/confluent/zookeeper.yaml | 7 - kustomize/base/kustomization.yaml | 5 +- .../base/operator/crds/kustomization.yaml | 13 - ...rm.confluent.io_confluentrolebindings.yaml | 249 - .../crds/platform.confluent.io_connects.yaml | 3103 ---------- .../platform.confluent.io_controlcenters.yaml | 3032 ---------- ...latform.confluent.io_kafkarestclasses.yaml | 361 -- .../crds/platform.confluent.io_kafkas.yaml | 4981 ----------------- .../platform.confluent.io_kafkatopics.yaml | 287 - .../crds/platform.confluent.io_ksqldbs.yaml | 2719 --------- .../platform.confluent.io_migrationjobs.yaml | 669 --- ...latform.confluent.io_schemaregistries.yaml | 2333 -------- .../platform.confluent.io_zookeepers.yaml | 1551 ----- .../base/operator/resources/clusterrole.yaml | 116 - .../resources/clusterrolebinding.yaml | 19 - .../base/operator/resources/deployment.yaml | 95 - .../operator/resources/kustomization.yaml | 8 - .../base/operator/resources/service.yaml | 22 - .../operator/resources/serviceaccount.yaml | 14 - .../rolebindings/connect/connect-base.yaml | 44 - .../rolebindings/connect/connect-groups.yaml | 16 - .../rolebindings/connect/connect-topics.yaml | 25 - .../rolebindings/connect/kustomization.yaml | 7 - 
.../controlcenter/controlcentre-base.yaml | 9 - .../controlcenter/controlcentre-clusters.yaml | 35 - .../controlcenter/kustomization.yaml | 6 - .../base/rolebindings/ksqldb/ksqldb-base.yaml | 29 - .../rolebindings/ksqldb/ksqldb-cluster.yaml | 14 - .../rolebindings/ksqldb/ksqldb-groups.yaml | 13 - .../ksqldb/ksqldb-ksqlcluster.yaml | 16 - .../rolebindings/ksqldb/ksqldb-topics.yaml | 19 - .../ksqldb/ksqldb-transaction.yaml | 13 - .../rolebindings/ksqldb/kustomization.yaml | 10 - .../base/rolebindings/kustomization.yaml | 9 - .../ldap/groups/kustomization.yaml | 5 - .../rolebindings/ldap/groups/ldap-groups.yaml | 77 - .../base/rolebindings/ldap/kustomization.yaml | 5 - .../ldap/users/kustomization.yaml | 5 - .../rolebindings/ldap/users/ldap-users.yaml | 0 .../schemaregistry/kustomization.yaml | 7 - .../schemaregistry/schemaregistry-base.yaml | 33 - .../schemaregistry/schemaregistry-groups.yaml | 17 - .../schemaregistry/schemaregistry-topics.yaml | 14 - kustomize/base/secrets/c3-mds-client.yaml | 8 - kustomize/base/secrets/ca-pair.yaml | 8 - kustomize/base/secrets/confluent-license.yaml | 7 - .../base/secrets/connect-mds-client.yaml | 6 - kustomize/base/secrets/credential.yaml | 14 - kustomize/base/secrets/ksqldb-mds-client.yaml | 7 - kustomize/base/secrets/kustomization.yaml | 13 - kustomize/base/secrets/mds-client.yaml | 7 - kustomize/base/secrets/mds-token.yaml | 8 - kustomize/base/secrets/rest-credential.yaml | 9 - kustomize/base/secrets/sr-mds-client.yaml | 7 - kustomize/base/topics/example-topic.yaml | 7 - kustomize/base/topics/kustomization.yaml | 4 - .../environments/dev/control-centre.yaml | 11 - kustomize/environments/dev/kafka-connect.yaml | 11 - kustomize/environments/dev/kafka.yaml | 11 - kustomize/environments/dev/ksqldb.yaml | 11 - kustomize/environments/dev/kustomization.yaml | 9 - .../environments/dev/schema-registry.yaml | 11 - kustomize/environments/kustomization.yaml | 3 +- .../production/control-centre.yaml | 21 - .../production/example-topic.yaml 
| 14 - .../production/kafka-connect.yaml | 13 - kustomize/environments/production/kafka.yaml | 13 - kustomize/environments/production/ksqldb.yaml | 13 - .../production/schema-registry.yaml | 17 - .../environments/sandbox/control-centre.yaml | 27 + .../environments/sandbox/kafka-connect.yaml | 12 + kustomize/environments/sandbox/kafka.yaml | 23 + kustomize/environments/sandbox/ksqldb.yaml | 13 + .../kustomization.yaml | 4 +- .../environments/sandbox/schema-registry.yaml | 12 + kustomize/environments/sandbox/zookeeper.yaml | 7 + .../confluent-operator-credentials.yaml | 8 - ...luent-operator-helm-release-confluent.yaml | 19 - .../confluent-operator-helm-release-dev.yaml | 17 - kustomize/infrastructure/kustomization.yaml | 10 - kustomize/infrastructure/ldap.yaml | 149 - kustomize/infrastructure/namespaces.yaml | 24 - kustomize/infrastructure/proxy.yaml | 18 - ...uent-operator-helm-release-confluent.yaml} | 16 +- .../{base => }/operator/kustomization.yaml | 4 +- kustomize/operator/namespaces.yaml | 9 + resources/application-secrets/README.md | 2 - .../certs/mds-publickey.txt | 9 - .../certs/mds-tokenkeypair.txt | 27 - .../licensing/license-key.txt | 1 - .../licensing/license-pem.txt | 9 - .../application-secrets/populate_secrets.sh | 50 - .../application-secrets/users/bearer.txt | 2 - .../users/c3-mds-client.txt | 2 - .../users/connect-mds-client.txt | 2 - .../users/creds-client-kafka-sasl-user.txt | 2 - .../users/creds-control-center-users.txt | 3 - .../users/creds-kafka-sasl-users.json | 5 - .../creds-kafka-zookeeper-credentials.txt | 2 - .../creds-zookeeper-sasl-digest-users.json | 3 - .../users/ksqldb-mds-client.txt | 2 - resources/application-secrets/users/ldap.txt | 2 - .../users/sr-mds-client.txt | 2 - resources/certificates/base-ca-config.json | 26 - resources/certificates/base-ca-csr.json | 16 - .../certificates/base-server-domain.json | 19 - .../certificates/generate_certificate.sh | 26 - resources/certificates/replace_certificate.sh | 25 - 
resources/git/git_repo.sh | 6 - tldr.sh | 46 - 123 files changed, 213 insertions(+), 21544 deletions(-) delete mode 100644 MANUAL_PROCESS.md create mode 100644 kustomize/base/confluent/ca-pair-sslcerts.yaml delete mode 100644 kustomize/base/confluent/certificates.yaml create mode 100644 kustomize/base/confluent/rest-class.yaml delete mode 100644 kustomize/base/confluent/rest-proxy.yaml delete mode 100644 kustomize/base/operator/crds/kustomization.yaml delete mode 100644 kustomize/base/operator/crds/platform.confluent.io_confluentrolebindings.yaml delete mode 100644 kustomize/base/operator/crds/platform.confluent.io_connects.yaml delete mode 100644 kustomize/base/operator/crds/platform.confluent.io_controlcenters.yaml delete mode 100644 kustomize/base/operator/crds/platform.confluent.io_kafkarestclasses.yaml delete mode 100644 kustomize/base/operator/crds/platform.confluent.io_kafkas.yaml delete mode 100644 kustomize/base/operator/crds/platform.confluent.io_kafkatopics.yaml delete mode 100644 kustomize/base/operator/crds/platform.confluent.io_ksqldbs.yaml delete mode 100644 kustomize/base/operator/crds/platform.confluent.io_migrationjobs.yaml delete mode 100644 kustomize/base/operator/crds/platform.confluent.io_schemaregistries.yaml delete mode 100644 kustomize/base/operator/crds/platform.confluent.io_zookeepers.yaml delete mode 100644 kustomize/base/operator/resources/clusterrole.yaml delete mode 100644 kustomize/base/operator/resources/clusterrolebinding.yaml delete mode 100644 kustomize/base/operator/resources/deployment.yaml delete mode 100644 kustomize/base/operator/resources/kustomization.yaml delete mode 100644 kustomize/base/operator/resources/service.yaml delete mode 100644 kustomize/base/operator/resources/serviceaccount.yaml delete mode 100644 kustomize/base/rolebindings/connect/connect-base.yaml delete mode 100644 kustomize/base/rolebindings/connect/connect-groups.yaml delete mode 100644 kustomize/base/rolebindings/connect/connect-topics.yaml delete mode 
100644 kustomize/base/rolebindings/connect/kustomization.yaml delete mode 100644 kustomize/base/rolebindings/controlcenter/controlcentre-base.yaml delete mode 100644 kustomize/base/rolebindings/controlcenter/controlcentre-clusters.yaml delete mode 100644 kustomize/base/rolebindings/controlcenter/kustomization.yaml delete mode 100644 kustomize/base/rolebindings/ksqldb/ksqldb-base.yaml delete mode 100644 kustomize/base/rolebindings/ksqldb/ksqldb-cluster.yaml delete mode 100644 kustomize/base/rolebindings/ksqldb/ksqldb-groups.yaml delete mode 100644 kustomize/base/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml delete mode 100644 kustomize/base/rolebindings/ksqldb/ksqldb-topics.yaml delete mode 100644 kustomize/base/rolebindings/ksqldb/ksqldb-transaction.yaml delete mode 100644 kustomize/base/rolebindings/ksqldb/kustomization.yaml delete mode 100644 kustomize/base/rolebindings/kustomization.yaml delete mode 100644 kustomize/base/rolebindings/ldap/groups/kustomization.yaml delete mode 100644 kustomize/base/rolebindings/ldap/groups/ldap-groups.yaml delete mode 100644 kustomize/base/rolebindings/ldap/kustomization.yaml delete mode 100644 kustomize/base/rolebindings/ldap/users/kustomization.yaml delete mode 100644 kustomize/base/rolebindings/ldap/users/ldap-users.yaml delete mode 100644 kustomize/base/rolebindings/schemaregistry/kustomization.yaml delete mode 100644 kustomize/base/rolebindings/schemaregistry/schemaregistry-base.yaml delete mode 100644 kustomize/base/rolebindings/schemaregistry/schemaregistry-groups.yaml delete mode 100644 kustomize/base/rolebindings/schemaregistry/schemaregistry-topics.yaml delete mode 100644 kustomize/base/secrets/c3-mds-client.yaml delete mode 100644 kustomize/base/secrets/ca-pair.yaml delete mode 100644 kustomize/base/secrets/confluent-license.yaml delete mode 100644 kustomize/base/secrets/connect-mds-client.yaml delete mode 100644 kustomize/base/secrets/credential.yaml delete mode 100644 kustomize/base/secrets/ksqldb-mds-client.yaml 
delete mode 100644 kustomize/base/secrets/kustomization.yaml delete mode 100644 kustomize/base/secrets/mds-client.yaml delete mode 100644 kustomize/base/secrets/mds-token.yaml delete mode 100644 kustomize/base/secrets/rest-credential.yaml delete mode 100644 kustomize/base/secrets/sr-mds-client.yaml delete mode 100644 kustomize/base/topics/example-topic.yaml delete mode 100644 kustomize/base/topics/kustomization.yaml delete mode 100644 kustomize/environments/dev/control-centre.yaml delete mode 100644 kustomize/environments/dev/kafka-connect.yaml delete mode 100644 kustomize/environments/dev/kafka.yaml delete mode 100644 kustomize/environments/dev/ksqldb.yaml delete mode 100644 kustomize/environments/dev/kustomization.yaml delete mode 100644 kustomize/environments/dev/schema-registry.yaml delete mode 100644 kustomize/environments/production/control-centre.yaml delete mode 100644 kustomize/environments/production/example-topic.yaml delete mode 100644 kustomize/environments/production/kafka-connect.yaml delete mode 100644 kustomize/environments/production/kafka.yaml delete mode 100644 kustomize/environments/production/ksqldb.yaml delete mode 100644 kustomize/environments/production/schema-registry.yaml create mode 100644 kustomize/environments/sandbox/control-centre.yaml create mode 100644 kustomize/environments/sandbox/kafka-connect.yaml create mode 100644 kustomize/environments/sandbox/kafka.yaml create mode 100644 kustomize/environments/sandbox/ksqldb.yaml rename kustomize/environments/{production => sandbox}/kustomization.yaml (76%) create mode 100644 kustomize/environments/sandbox/schema-registry.yaml create mode 100644 kustomize/environments/sandbox/zookeeper.yaml delete mode 100644 kustomize/infrastructure/confluent-operator-credentials.yaml delete mode 100644 kustomize/infrastructure/confluent-operator-helm-release-confluent.yaml delete mode 100644 kustomize/infrastructure/confluent-operator-helm-release-dev.yaml delete mode 100644 
kustomize/infrastructure/kustomization.yaml delete mode 100644 kustomize/infrastructure/ldap.yaml delete mode 100644 kustomize/infrastructure/namespaces.yaml delete mode 100644 kustomize/infrastructure/proxy.yaml rename kustomize/{infrastructure/confluent-operator-helm-release-production.yaml => operator/confluent-operator-helm-release-confluent.yaml} (57%) rename kustomize/{base => }/operator/kustomization.yaml (51%) create mode 100644 kustomize/operator/namespaces.yaml delete mode 100644 resources/application-secrets/README.md delete mode 100644 resources/application-secrets/certs/mds-publickey.txt delete mode 100644 resources/application-secrets/certs/mds-tokenkeypair.txt delete mode 100644 resources/application-secrets/licensing/license-key.txt delete mode 100644 resources/application-secrets/licensing/license-pem.txt delete mode 100755 resources/application-secrets/populate_secrets.sh delete mode 100644 resources/application-secrets/users/bearer.txt delete mode 100644 resources/application-secrets/users/c3-mds-client.txt delete mode 100644 resources/application-secrets/users/connect-mds-client.txt delete mode 100644 resources/application-secrets/users/creds-client-kafka-sasl-user.txt delete mode 100644 resources/application-secrets/users/creds-control-center-users.txt delete mode 100644 resources/application-secrets/users/creds-kafka-sasl-users.json delete mode 100644 resources/application-secrets/users/creds-kafka-zookeeper-credentials.txt delete mode 100644 resources/application-secrets/users/creds-zookeeper-sasl-digest-users.json delete mode 100644 resources/application-secrets/users/ksqldb-mds-client.txt delete mode 100644 resources/application-secrets/users/ldap.txt delete mode 100644 resources/application-secrets/users/sr-mds-client.txt delete mode 100644 resources/certificates/base-ca-config.json delete mode 100644 resources/certificates/base-ca-csr.json delete mode 100644 resources/certificates/base-server-domain.json delete mode 100755 
resources/certificates/generate_certificate.sh delete mode 100755 resources/certificates/replace_certificate.sh delete mode 100755 resources/git/git_repo.sh delete mode 100755 tldr.sh diff --git a/MANUAL_PROCESS.md b/MANUAL_PROCESS.md deleted file mode 100644 index ba07cab..0000000 --- a/MANUAL_PROCESS.md +++ /dev/null @@ -1,22 +0,0 @@ -## Deploy base Flux components -* Navigate to ./flux-system -* Run `kubectl apply -f gotk-components.yaml` - -## Add GitHub Deploy Key -* Navigate to ./resources/git -* Generate identity, identity.pub, knownhosts file -* Add identity.pub to 'deploy keys' in github -* run git_repo.sh - -[comment]: <> (## Deploy confluent-helm chart secrets) - -[comment]: <> (* Navigate to ./resources/confluent-helm) - -[comment]: <> (* Set ENV Vars) - -[comment]: <> (* run `senstive_secrets.sh`) - -## Deploy Flux Sync -* Navigate to ./flux-system -* run `kubectl apply -f gotk-sync.yaml` - diff --git a/README.md b/README.md index 6d3bfde..0892116 100644 --- a/README.md +++ b/README.md 
@@ -1,180 +1,95 @@ # GitOps for Apache Kafka Example -For this example we assume a single clusters simulated a production environment. The end goal is to leverage Flux and Kustomize to manage [Confluent Operator for Kubernetes](https://github.com/confluentinc/operator-earlyaccess). You can extend the with another cluster while minimizing duplicated declarations. +For this example we assume a single cluster simulating a production confluent environment. The end goal is to leverage Flux and Kustomize to manage [Confluent Operator for Kubernetes](https://github.com/confluentinc/operator-earlyaccess). You can extend with another cluster while minimizing duplicated declarations. -We will configure [Flux](https://fluxcd.io/) to install, deploy and config the [Confluent Platform](https://www.confluent.io/product/confluent-platform) using their private `HelmRepository` and `HelmRelease` custom resources. -Flux will monitor the Helm repository, and it will automatically upgrade the Helm releases to their latest chart version based on semver ranges. +We will configure [Flux](https://fluxcd.io/) to install, deploy and config the [Confluent Platform](https://www.confluent.io/product/confluent-platform) using their `HelmRepository` and `HelmRelease` custom resources. +Flux will monitor the Helm repository, and can be configured to automatically upgrade the Helm releases to their latest chart version based on semver ranges. You may find this project helpful by simply referencing the documentation, code, and strategies for managing Kafka resources on Kubernetes. Additionally, if you just wish to operate a working example of the new Confluent operator, the following usage instructions will guide you. -## Prerequisites -You will need a Kubernetes cluster version 1.16 or newer and kubectl version 1.18. 
- -In order to follow the guide you'll need a GitHub account and a -[personal access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) -that can create repositories (check all permissions under `repo`). - -Install the Flux CLI on MacOS and Linux using Homebrew: - -```sh -brew install fluxcd/tap/flux -``` - -Install the Confluent CLI -```she -curl -sL --http1.1 https://cnfl.io/cli | sh -s -- latest -``` - -Get early access by registering interest here: [Confluent Operator Early Access Registration](https://events.confluent.io/confluentoperatorearlyaccess) For this Early Access program, you will have received an API key (associated with your email address) to the Confluent JFrog Artifactory. This is required to pull down the Helm charts and Confluent Docker images. ## Repository structure The Git repository contains the following top directories: -- **apps** dir contains Helm releases with a custom configuration per cluster -- **infrastructure** dir contains common infra tools such as Confluent Operator, example LDAP controller and Helm repository definitions -- **clusters** dir contains the Flux configuration per cluster +- **flux-system** dir contains the required flux +- **kustomize/base** dir contains the base definition of the confluent stack. +- **kustomize/environments** dir containing an example environment, folders could be copied to create additional environments. Files within are 'patches' which are layered on top of the definitions found in kustomize/base +- **kustomize/operator** dir the helm chart definition for confluent-for-kubernetes (CFK). 
+ ``` -├── apps +├── flux-system +├── kustomize │ ├── base -│ │ ├── kafka -│ │ └── rolebindings -│ ├── production -├── infrastructure -│ ├── confluent -│ ├── sources -│ └── tools -└── clusters - └── production -``` -### /apps -The apps configuration contains all the Confluent Platform configuration and is structured into: - -- **apps/base/kakfa/** dir common values for all clusters: namespaces, certificates, secrets, Confluent components via Helm release definitions and Deployments -- **apps/base/rolebings/** dir contains the common RBAC bindings for all deployments -- **apps/production/** dir contains the production values - -### /infrastructure -The infrastructure `sources` folder contains the [Flux Source Controller](https://fluxcd.io/docs/components/source/) configuration and some common tooling which is required for this Confluent LDAP / RBAC example. -```yaml -apiVersion: source.toolkit.fluxcd.io/v1beta1 -kind: HelmRepository -metadata: - name: confluent-private - namespace: flux-system -spec: - url: https://confluent.jfrog.io/confluent/helm-early-access-operator-2 - secretRef: - name: https-credentials - interval: 5m +│ │ ├── confluent +│ ├── environments +│ │ └── sandbox +│ └── operator ``` -Note secretRef: The Confluent helm repository is private and requires a username and password which we must create. -Note that with interval: 5m we configure Flux to pull the Helm repository index every five minutes. If the index contains a new chart version that matches a HelmRelease semver range, Flux will upgrade the release. - -The `confluent` folder contains the Helm release which is performed by the [Helm Controller](https://fluxcd.io/docs/components/helm/helmreleases/) and also requires access to the private Docker registry to pull down the Confluent images. 
-```yaml -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: confluent - namespace: confluent -spec: - interval: 1m - chart: - spec: - chart: confluent-for-kubernetes - sourceRef: - kind: HelmRepository - name: confluent-private - namespace: flux-system - values: - image: - registry: confluent-docker-internal-early-access-operator-2.jfrog.io -``` -Note: The Helm automatically looks for a secret called `confluent-registry` which we must create in the confluent namespace. -## Setup -Following this example, you'll set up secure Confluent Platform clusters with SASL PLAIN authentication, role-based access control (RBAC) authorization, and inter-component TLS. The clusters dir contains the Kustomization definitions:: -``` -./clusters/ -└── production - ├── apps.yaml - └── infrastructure.yaml -``` -1. Using GitOps will require the FluxCD toolkit to have read and write access to the repository. For your own local version, you must create a fork of this repository and clone it locally; otherwise, the GitOps automation will not be authorized to read and write from the repository. Fork this repository on your personal GitHub account and export your GitHub access token, username and repo name: -```sh -export GITHUB_TOKEN= -export GITHUB_USER= -export GITHUB_REPO= -``` - -2. After forking and cloning the repository, navigate to the project root and verify that your production cluster folder satisfies the prerequisites with: -```sh -flux check --pre -``` +## Forking this repository. +In order to showcase the GitOps behaviour of the FluxCD toolkit you will require the ability to write to a repository. Fork this repository, and update line 11 of the file `./flux-system/gotk-sync.yaml` to the new https git address of your forked repository. Also make note of line 10 'branch'; this is the branch of the repository which Flux will monitor -3. 
Flux will now need connectivity do your cluster, ensure the correct kubectl context to your cluster and bootstrap Flux: -```sh -flux bootstrap github \ - --owner=${GITHUB_USER} \ - --repository=${GITHUB_REPO} \ - --branch=main \ - --personal \ - --path=clusters/production -``` +## Deploy base Flux components +### Overview +This step will install the base Flux kubernetes components onto your kubernetes cluster. To inspect what is being applied, simply look through the contents of `./flux-system/gotk-components.yaml`. You will see a mix of Custom Resource Definitions, Service Accounts, Deployments, and other various components. After the application of these resource definitions is completed, you should see the following pods running: -```sh -flux bootstrap github \ - --owner=${GITHUB_USER} \ - --repository=${GITHUB_REPO} \ - --branch=develop-andrewmccully \ - --personal \ - --path=kustomize -``` +* Helm-Controller +* Kustomize Controller +* Notification Controller +* Source Controller -4. Deploy the secrets required by the application. The secrets referenced in `./resources/populate_secrets.sh` will match up to the LDAP/LDIFs located at `./infrastructure/tools/ldap.yaml` -```sh -./resources/populate_secrets.sh -``` +For more information on what these controllers do, please review [the documentation here](https://fluxcd.io/docs/components/). -5. The source controller will be unable to pull the Helm chart or connect to the Docker registry. 
You now should create the following secrets using Confluent early access credentials: -```sh -export USER= -export APIKEY= -export EMAIL= - -kubectl create secret docker-registry confluent-registry -n dev \ - --docker-server=confluent-docker-internal-early-access-operator-2.jfrog.io \ - --docker-username=$USER \ - --docker-password=$APIKEY \ - --docker-email=$EMAIL && \ -kubectl create secret -n flux-system generic https-credentials \ ---from-literal=username=$USER \ ---from-literal=password=$APIKEY -``` -Watch for the Helm releases being installed in production cluster: +### Deployment Process +* Navigate to `./flux-system` +* Run `kubectl apply -f gotk-components.yaml` + + +## Deploy Flux Sync +### Overview +This next step will tell Flux what repository to monitor, and, within that repository, what kustomization files to start with. The first Kustomize resource that Flux will look for to is located at `./kustomize/operator`. This will install the confluent-for-kubernetes Helm chart. After a successful health check of the operator (which will run as a pod), Flux will then proceed to deploy our first environment located at `./kustomize/environments/sandbox`. +### Deployment Process +* Navigate to `./flux-system` +* run `kubectl apply -f gotk-sync.yaml` + +## Watch Flux in action! +Now that we have flux monitoring the forked Git repository, let's demonstrate the GitOps behaviour! 
If everything has deployed successfully, you should see a healthy confluent stack looking like this: ```console -$ watch flux get helmreleases --all-namespaces +│ NAME PF READY RESTARTS STATUS IP NODE AGE │ +│ confluent-operator-global-7ffc5b469d-knmfj ● 1/1 0 Running 172.17.0.7 minikube 21m │ +│ connect-0 ● 1/1 0 Running 172.17.0.17 minikube 9m31s │ +│ controlcenter-0 ● 1/1 1 Running 172.17.0.11 minikube 21m │ +│ kafka-0 ● 1/1 3 Running 172.17.0.8 minikube 21m │ +│ kafka-1 ● 1/1 3 Running 172.17.0.10 minikube 21m │ +│ kafka-2 ● 1/1 3 Running 172.17.0.9 minikube 21m │ +│ ksqldb-0 ● 1/1 1 Running 172.17.0.12 minikube 21m │ +│ schemaregistry-0 ● 1/1 1 Running 172.17.0.14 minikube 21m │ +│ zookeeper-0 ● 1/1 0 Running 172.17.0.15 minikube 21m │ +│ zookeeper-1 ● 1/1 0 Running 172.17.0.16 minikube 21m │ +│ zookeeper-2 ● 1/1 0 Running 172.17.0.13 minikube 21m │ +│ ``` +To exhibit Flux, let's change our kafka replicas from the default of 3, to 4: +* In the file `./kustomize/environments/sandbox/kafka.yaml` uncomment the line `# replicas: 4`, commit that change to your repository (git), and push upstream. The next time flux performs a 'sync' (observable in the 'source controller' logs), it will the change to the kafka spec, and in turn increase our kafka cluster from size '3' to '4'. + +## Develop Locally +If you want to test configuration out locally without the need to push up to git (i.e. 
testing locally with Minikube), the deployment can be replicated very simply: +* Navigate to `./flux-system` +* Run `kubectl apply -f gotk-components.yaml` -## Appendix -### Useful commands +**instead of deploying the gotk-sync.yaml, we'll perform the kubectl kustomize applies ourselves.** -* Force Flux Reconciliation - `flux reconcile source git flux-system` +* Navigate to `./kustomize/operator` +* Run `kubectl apply -k .` -* Decode secrets - `kubectl get secrets -n flux-system https-credentials -o json | jq '.data | map_values(@base64d)'` - `kubectl get secrets -n flux-system flux-system -o json | jq '.data | map_values(@base64d)'` +**monitor the running pods, wait until the 'confluent-operator' pod is in a running state** -* Access Control Centre - `kubectl port-forward -n confluent controlcenter-0 9021:9021`. The web UI credentials will be c3/c3-secret (as defined by the populated secrets) +* Navigate to `./kustomize/environments/` +* Run `kubectl apply -k .` -* LDAP Testing. Exec onto the ldap container by running: `kubectl exec -it -n tools ldap -- bash`. Running - `ldapsearch -LLL -x -H ldap://ldap.tools.svc.cluster.local:389 -b 'dc=test,dc=com' -D "cn=mds,dc=test,dc=com" -w 'Developer!'` will return a list of LDAP users presently configured -* For testing a repeatable deployment process, for example on a local minikube, a `tldr.sh` script which captures the above steps has been included at the root of this project \ No newline at end of file diff --git a/flux-system/gotk-sync.yaml b/flux-system/gotk-sync.yaml index 25060d9..589f197 100644 --- a/flux-system/gotk-sync.yaml +++ b/flux-system/gotk-sync.yaml @@ -7,10 +7,8 @@ metadata: spec: interval: 1m0s ref: - branch: playground - secretRef: - name: flux-system - url: ssh://git@github.com/osodevops/kafka-gitops + branch: develop + url: https://github.com/osodevops/kafka-gitops.git --- apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 kind: Kustomization 
@@ -19,7 +17,7 @@ metadata: namespace: flux-system spec: interval: 10m0s - path: ./kustomize/infrastructure + path: ./kustomize/operator prune: true sourceRef: kind: GitRepository @@ -28,7 +26,7 @@ spec: - apiVersion: helm.toolkit.fluxcd.io/v1beta1 kind: HelmRelease name: confluent - namespace: dev + namespace: sandbox validation: client --- apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 @@ -40,7 +38,7 @@ spec: dependsOn: - name: confluent-infra interval: 5m - path: ./kustomize/environments/dev + path: ./kustomize/environments/sandbox prune: true sourceRef: kind: GitRepository diff --git a/kustomize/base/confluent/ca-pair-sslcerts.yaml b/kustomize/base/confluent/ca-pair-sslcerts.yaml new file mode 100644 index 0000000..1f134a8 --- /dev/null +++ b/kustomize/base/confluent/ca-pair-sslcerts.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + tls.crt: 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 + tls.key: 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 +kind: Secret +metadata: + name: ca-pair-sslcerts +type: kubernetes.io/tls diff --git a/kustomize/base/confluent/certificates.yaml b/kustomize/base/confluent/certificates.yaml deleted file mode 100644 index 5d34267..0000000 --- a/kustomize/base/confluent/certificates.yaml +++ /dev/null 
@@ -1,108 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: ca-pair-sslcerts -type: kubernetes.io/tls -data: - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZDRENDQXZBQ0NRREFLVFdwRUFpSXhUQU5CZ2txaGtpRzl3MEJBUXNGQURCR01Rc3dDUVlEVlFRR0V3SkQKU0RFT01Bd0dBMVVFQ2d3RlJIVm1jbmt4RlRBVEJnTlZCQXNNREVsdWMybG5hSFJ6SUZCUFF6RVFNQTRHQTFVRQpBd3dIVW05dmRDQkRRVEFlRncweU1UQTBNVGt5TVRFMU5USmFGdzB5TkRBeU1EY3lNVEUxTlRKYU1FWXhDekFKCkJnTlZCQVlUQWtOSU1RNHdEQVlEVlFRS0RBVkVkV1p5ZVRFVk1CTUdBMVVFQ3d3TVNXNXphV2RvZEhNZ1VFOUQKTVJBd0RnWURWUVFEREFkU2IyOTBJRU5CTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQwpBZ0VBdXNsQ1pYalNtVlpRY0puQzFaR1hTWkdwanhHSjh0cnBpdUY2WTJIZ2FXa3RQc1AzdUUzR1Z6anZ0QUpuCno3MGNwYjRwT1pFSzN1M1crTnVRTHcrWGxEaTVYSHlEdVNjTEl5R3YxSjFZbWVTUlZBUTRqQ1hoQmlxTlFxeSsKMVlhQUpwbDJJbnNLMUZ3bFdpQzRab0h3ZnlCc1Y2NVBIOHZpQTJIY3JQQmFoTFNzY0JnWUo0a01wQkZqWGM2ZQpFeVpXRk82ZVlOLzNHYjhLbVQzVmhnQmREeGZybFhycEp3RGpBdVdXV2FaMWd4c05iZTRkMkJNWFJjakFHd1R6Ck9idEJxRUNycWJLTnR6S1ZMTmtDbzVWTzJTZElXbWk5eDlvRCtlcHB1UE92TW9ybk5kMzJiOEtXeFBMdWNQMVoKY2hocmN3R09XU1lFa2hOckxEaHBYK3RLVUZNNGQ2RUdkRXY0eUE0Z0l4NEpONE12QmE2b25NNUhVbVhHbXZyMApPa0JuYnNpL1prNzdjL2ptRGtMNTNuL2pHMVY1QlIza0xudDA0aDR4aHlpSzZJVE5tTlI1SE5TZGx6aEtUL3FkCm5lcUlZb0FWSVF2SEMvd1VBM0IrQjN1dXJodHI5YTZjTFl2eWE5V0JBTkpnUURMY1NYRGE2ekJsdmFQejdYdFIKT2FNS2tZNFU2RkNuMHI3YTEycjE1NENZV3dqeGtZTjRyN2VieHc5d2dWYTBHa1JGc01HVkVaL3ZDaUI0cTNMSAp2dEF1NG1SWUJiMXNyTVoxNWZVVG4wRFFuNVJMNjVGd1RwdDFCUmZpVUhoWHVOV1JEemRxeW9SY2loUDI1WVRXClBjeVc0QVpHRnN0VENaSG9LL3NTUzYrL0U3elZsdnQzWktycHlYaE5OSTNRRzNzQ0F3RUFBVEFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQWdFQWVPb1Z3QVhBa28rWERkUmVQb3V2TmRIUkdGTkVxNjdILzBGOXlDQ21zNWQ3aU1XMQpYNWRhMzd1a1llM1RDV01ZRlA2SjJIR0JkYkw4SVpwbnJvNHMySVBIMkV6MFZnYVk5NU42aUJrWkVkQ2xQc2hHCktjcmxFa2dlQ0E1Z0ErSUsyOHBsOU9YSnRmMlU0REdMMExBR0R1bjg3K3dQTHVEUlZrcDRTZEV6VllHUnh5NVkKMElpdW9ZaXB6cGoxQUo3RTlnM3Vsd0drV250Mk5wLzdwYU53QW1FRDNnL0lISWR5dzNmeVZiSEpnUGpzRnNSbgp1TEpnaHdLczk1V1A5MmZhZ0pZbnVvajZSVG80Ym82ejZ6MXdZdlF6eXp4VDFtcGdUaG0wRnlxU09leXVKK2YrCnRjdEpibmM2
YWZNdGVsb0RLSkJmQVBORE43Y3VROGFnYWo3UmNxa0tLbmRPUE9xeFovRzZUeXFSMU1EUWc1bUIKbGJXVjdlam9CQVF3aG5vNnI4Zk5SZWpWVm1rRVo3RitCTEdTV0oyeFBHd0djRUh1b0R2dEFqU29WbHJFTFNSVgpqT0tVTUZ3aVQ5ZzdXQXJsZGtYV1ladzduemZpZnZvM0toTGpZbU9XWktoems0KzhObnlhc2xJNWpDVGV2MHdCCkVCSjVYd2o4bWU4L3hLM011L1ZRanpJR081YkhUY1RmWE9DWmNkUVRRSTY1ZkE4eURpZFc3WlAyRG40eU1rNG0KcklqR3h1M3FqOWRheEtodnZDQU9oYnh5VFpmQ2JjaTFiV0VVNW9jaFR1N2NzQlg0TWxZbGhZcHppdHNmeW5keQpGYUw5V2pYOHVwNHk5MFB4T08zU0NsdDBsbHRmeS9OWEhDWlpqNTZjbUtwNkZjdGNsUG9pcHRUSVJxST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - tls.key: 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 ---- -apiVersion: v1 -kind: Secret -metadata: - name: connect-generated-jks -type: kubernetes.io/tls -data: - ca.crt: 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 - csr.pem: 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 - jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk - keystore.jks: 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 - tls.crt: 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 - tls.key: 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 - truststore.jks: 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 ---- -apiVersion: v1 -kind: Secret -metadata: - name: controlcenter-generated-jks -type: kubernetes.io/tls -data: - ca.crt: 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 - csr.pem: 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 - jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk - keystore.jks: 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 - tls.crt: 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 - tls.key: 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 - truststore.jks: 
/u3+7QAAAAIAAAABAAAAAgACY2EAAAF5EtLheQAEWDUwOQAABQwwggUIMIIC8AIJAMApNakQCIjFMA0GCSqGSIb3DQEBCwUAMEYxCzAJBgNVBAYTAkNIMQ4wDAYDVQQKDAVEdWZyeTEVMBMGA1UECwwMSW5zaWdodHMgUE9DMRAwDgYDVQQDDAdSb290IENBMB4XDTIxMDQxOTIxMTU1MloXDTI0MDIwNzIxMTU1MlowRjELMAkGA1UEBhMCQ0gxDjAMBgNVBAoMBUR1ZnJ5MRUwEwYDVQQLDAxJbnNpZ2h0cyBQT0MxEDAOBgNVBAMMB1Jvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6yUJleNKZVlBwmcLVkZdJkamPEYny2umK4XpjYeBpaS0+w/e4TcZXOO+0AmfPvRylvik5kQre7db425AvD5eUOLlcfIO5JwsjIa/UnViZ5JFUBDiMJeEGKo1CrL7VhoAmmXYiewrUXCVaILhmgfB/IGxXrk8fy+IDYdys8FqEtKxwGBgniQykEWNdzp4TJlYU7p5g3/cZvwqZPdWGAF0PF+uVeuknAOMC5ZZZpnWDGw1t7h3YExdFyMAbBPM5u0GoQKupso23MpUs2QKjlU7ZJ0haaL3H2gP56mm4868yiuc13fZvwpbE8u5w/VlyGGtzAY5ZJgSSE2ssOGlf60pQUzh3oQZ0S/jIDiAjHgk3gy8FrqiczkdSZcaa+vQ6QGduyL9mTvtz+OYOQvnef+MbVXkFHeQue3TiHjGHKIrohM2Y1Hkc1J2XOEpP+p2d6ohigBUhC8cL/BQDcH4He66uG2v1rpwti/Jr1YEA0mBAMtxJcNrrMGW9o/Pte1E5owqRjhToUKfSvtrXavXngJhbCPGRg3ivt5vHD3CBVrQaREWwwZURn+8KIHircse+0C7iZFgFvWysxnXl9ROfQNCflEvrkXBOm3UFF+JQeFe41ZEPN2rKhFyKE/blhNY9zJbgBkYWy1MJkegr+xJLr78TvNWW+3dkqunJeE00jdAbewIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQB46hXABcCSj5cN1F4+i6810dEYU0Srrsf/QX3IIKazl3uIxbVfl1rfu6Rh7dMJYxgU/onYcYF1svwhmmeujizYg8fYTPRWBpj3k3qIGRkR0KU+yEYpyuUSSB4IDmAD4grbymX05cm1/ZTgMYvQsAYO6fzv7A8u4NFWSnhJ0TNVgZHHLljQiK6hiKnOmPUAnsT2De6XAaRae3Y2n/ulo3ACYQPeD8gch3LDd/JVscmA+OwWxGe4smCHAqz3lY/3Z9qAlie6iPpFOjhujrPrPXBi9DPLPFPWamBOGbQXKpI57K4n5/61y0ludzpp8y16WgMokF8A80M3ty5DxqBqPtFyqQoqd0486rFn8bpPKpHUwNCDmYGVtZXt6OgEBDCGejqvx81F6NVWaQRnsX4EsZJYnbE8bAZwQe6gO+0CNKhWWsQtJFWM4pQwXCJP2DtYCuV2RdZhnDufN+J++jcqEuNiY5ZkqHOTj7w2fJqyUjmMJN6/TAEQEnlfCPyZ7z/Ercy79VCPMgY7lsdNxN9c4Jlx1BNAjrl8DzIOJ1btk/YOfjIyTiasiMbG7eqP11rEqG+8IA6FvHJNl8JtyLVtYRTmhyFO7tywFfgyViWFinOK2x/Kd3IVov1aNfy6njL3Q/E47dIKW3SWW1/L81ccJlmPnpyYqnoVy1yU+iKm1MhGogKOqbvH8v+lhm8jipCdQ4N7IngA ---- -apiVersion: v1 -kind: Secret -metadata: - name: kafka-generated-jks -type: kubernetes.io/tls -data: - ca.crt: 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 - csr.pem: 
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 - jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk - keystore.jks: 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 - tls.crt: 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 - tls.key: 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 - truststore.jks: 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 ---- -apiVersion: v1 -kind: Secret -metadata: - name: ksqldb-generated-jks -type: kubernetes.io/tls -data: - ca.crt: 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 - csr.pem: 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 - jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk - keystore.jks: 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 - tls.crt: 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 - tls.key: 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 - truststore.jks: /u3+7QAAAAIAAAABAAAAAgACY2EAAAF5EtLiRAAEWDUwOQAABQwwggUIMIIC8AIJAMApNakQCIjFMA0GCSqGSIb3DQEBCwUAMEYxCzAJBgNVBAYTAkNIMQ4wDAYDVQQKDAVEdWZyeTEVMBMGA1UECwwMSW5zaWdodHMgUE9DMRAwDgYDVQQDDAdSb290IENBMB4XDTIxMDQxOTIxMTU1MloXDTI0MDIwNzIxMTU1MlowRjELMAkGA1UEBhMCQ0gxDjAMBgNVBAoMBUR1ZnJ5MRUwEwYDVQQLDAxJbnNpZ2h0cyBQT0MxEDAOBgNVBAMMB1Jvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6yUJleNKZVlBwmcLVkZdJkamPEYny2umK4XpjYeBpaS0+w/e4TcZXOO+0AmfPvRylvik5kQre7db425AvD5eUOLlcfIO5JwsjIa/UnViZ5JFUBDiMJeEGKo1CrL7VhoAmmXYiewrUXCVaILhmgfB/IGxXrk8fy+IDYdys8FqEtKxwGBgniQykEWNdzp4TJlYU7p5g3/cZvwqZPdWGAF0PF+uVeuknAOMC5ZZZpnWDGw1t7h3YExdFyMAbBPM5u0GoQKupso23MpUs2QKjlU7ZJ0haaL3H2gP56mm4868yiuc13fZvwpbE8u5w/VlyGGtzAY5ZJgSSE2ssOGlf60pQUzh3oQZ0S/jIDiAjHgk3gy8FrqiczkdSZcaa+vQ6QGduyL9mTvtz+OYOQvnef+MbVXkFHeQue3TiHjGHKIrohM2Y1Hkc1J2XOEpP+p2d6ohigBUhC8cL/BQDcH4He66uG2v1rpwti/Jr1YEA0mBAMtxJcNrrMGW9o/Pte1E5owqRjhToUKfSvtrXavXngJhbCPGRg3ivt5vHD3CBVrQaREWwwZURn+8KIHircse+0C7iZFgFvWysxnXl9ROfQNCflEvrkXBOm3UFF+JQeFe41ZEPN2rKhFyKE/blhNY9zJbgBkYWy1MJkegr+xJLr78TvNWW+3dkqunJeE00jdAbewIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQB46hXABcCSj5cN1F4+
i6810dEYU0Srrsf/QX3IIKazl3uIxbVfl1rfu6Rh7dMJYxgU/onYcYF1svwhmmeujizYg8fYTPRWBpj3k3qIGRkR0KU+yEYpyuUSSB4IDmAD4grbymX05cm1/ZTgMYvQsAYO6fzv7A8u4NFWSnhJ0TNVgZHHLljQiK6hiKnOmPUAnsT2De6XAaRae3Y2n/ulo3ACYQPeD8gch3LDd/JVscmA+OwWxGe4smCHAqz3lY/3Z9qAlie6iPpFOjhujrPrPXBi9DPLPFPWamBOGbQXKpI57K4n5/61y0ludzpp8y16WgMokF8A80M3ty5DxqBqPtFyqQoqd0486rFn8bpPKpHUwNCDmYGVtZXt6OgEBDCGejqvx81F6NVWaQRnsX4EsZJYnbE8bAZwQe6gO+0CNKhWWsQtJFWM4pQwXCJP2DtYCuV2RdZhnDufN+J++jcqEuNiY5ZkqHOTj7w2fJqyUjmMJN6/TAEQEnlfCPyZ7z/Ercy79VCPMgY7lsdNxN9c4Jlx1BNAjrl8DzIOJ1btk/YOfjIyTiasiMbG7eqP11rEqG+8IA6FvHJNl8JtyLVtYRTmhyFO7tywFfgyViWFinOK2x/Kd3IVov1aNfy6njL3Q/E47dIKW3SWW1/L81ccJlmPnpyYqnoVy1yU+iKm1MhGoqypfVz1zt0phuvrz37eH0Xveps6 ---- -apiVersion: v1 -kind: Secret -metadata: - name: registry-generated-jks -type: kubernetes.io/tls -data: - ca.crt: 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 - csr.pem: 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 - jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk - keystore.jks: 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 - tls.crt: 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 - tls.key: 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 - truststore.jks: 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 ---- -apiVersion: v1 -kind: Secret -metadata: - name: rest-sslcerts -type: kubernetes.io/tls -data: - ca.crt: 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 - csr.pem: 
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ2lEQ0NBWEFDQVFBd1F6RUxNQWtHQTFVRUJoTUNRMGd4RGpBTUJnTlZCQW9NQlVSMVpuSjVNUlV3RXdZRApWUVFMREF4SmJuTnBaMmgwY3lCUVQwTXhEVEFMQmdOVkJBTU1CSEpsYzNRd2dnRWlNQTBHQ1NxR1NJYjNEUUVCCkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDdWpiK1drYjlNTGxtQnpRbTVTZ1hBeTVrNmRPNjM5bHlZSUl3K1c1TUgKTEZUQ2diN3lSQUhOY2N3a0RsaG9oVFJpY0tYc0Q3cHBzNEJtK2hsNlVta0FuZDR4NzJ6OC82dXNkMENnT1hlTwowZG04SmFxdWQrVW11cnk3Y0U1VEtTaElGL2tacmEzMFlEemRVSjhFNTFPR29NYk9lZlZRMlMwQlVTeHRRTmFLCm1aYnRoNWRQbUJEckcwamFycDhDZDRZY1BpdHRjSTNiNFdXRXZ1WHpCa2hmN21TRUpSdnBRUkI3YTgvdldMTVoKL0FoblpFRnh0UDEvSHZpckJYa0ZUNXd6MEhuY3NXcGtwd2JWbDJhYVRST0JzMTJUUGJJOXRpMnU2MnJGRHJlYgppRkZERlVVWFVjRitrYXAwRUtSYVNHRHZpai9CZkdkVHZUMFd0N1lGekE5cEFnTUJBQUdnQURBTkJna3Foa2lHCjl3MEJBUXNGQUFPQ0FRRUFrOHRIQXpXY3ZTaFFJRGN3b3pzSHNpYThkNlZnNlJrbG5hbEt0SFgzY0FqRitvOWkKMnU5aWczbVFDRGVGUEpmdDlmSnlLM1gwUDUzSU9TM3VWWDRnRmpkTnU2aVNRY3ZKOXVnbWZ6cUZybWNheEg1ZgozVlZQZm9WdUpEaVpxc0FlZTJJNWhhMzEwMUNsTWdiU3A2YmZBSVNMQ0xoUiswaHVaNnYzQ0FFN2dsUHNZMnhFCjFOSE9ka1dDYm5NcU5Ib3ZWOCt6WlhEYUt3RXQxanVUeW0zMEp2VjluL1hTWGVMQVF4ZkpyMTBkWEkvc00rbzQKTWJNOW5WZzh4cVkwdit0b3NwbEwvbjdNWkNENTRIaXpsbW1KbHpRZDVSUElGaGc4UWZVd0ZHejZydzJKSWE4dQpYeGcwVURDaS8ybHlMUkR0S0QzMUVqWWhud0EzQVMyM0JMbkJ4dz09Ci0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo= - jksPassword.txt: amtzUGFzc3dvcmQ9Y2hhbmdlaXQKCg== - keystore.jks: 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 - tls.crt: 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 - tls.key: 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 - truststore.jks: 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 ---- -apiVersion: v1 -kind: Secret -metadata: - name: zookeeper-generated-jks -type: kubernetes.io/tls -data: - ca.crt: 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 - csr.pem: 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 - jksPassword.txt: amtzUGFzc3dvcmQ9bXlzdG9yZXBhc3N3b3Jk - keystore.jks: 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 - tls.crt: 
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 - tls.key: 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 - truststore.jks: /u3+7QAAAAIAAAABAAAAAgACY2EAAAF5EqeFjwAEWDUwOQAABQwwggUIMIIC8AIJAMApNakQCIjFMA0GCSqGSIb3DQEBCwUAMEYxCzAJBgNVBAYTAkNIMQ4wDAYDVQQKDAVEdWZyeTEVMBMGA1UECwwMSW5zaWdodHMgUE9DMRAwDgYDVQQDDAdSb290IENBMB4XDTIxMDQxOTIxMTU1MloXDTI0MDIwNzIxMTU1MlowRjELMAkGA1UEBhMCQ0gxDjAMBgNVBAoMBUR1ZnJ5MRUwEwYDVQQLDAxJbnNpZ2h0cyBQT0MxEDAOBgNVBAMMB1Jvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6yUJleNKZVlBwmcLVkZdJkamPEYny2umK4XpjYeBpaS0+w/e4TcZXOO+0AmfPvRylvik5kQre7db425AvD5eUOLlcfIO5JwsjIa/UnViZ5JFUBDiMJeEGKo1CrL7VhoAmmXYiewrUXCVaILhmgfB/IGxXrk8fy+IDYdys8FqEtKxwGBgniQykEWNdzp4TJlYU7p5g3/cZvwqZPdWGAF0PF+uVeuknAOMC5ZZZpnWDGw1t7h3YExdFyMAbBPM5u0GoQKupso23MpUs2QKjlU7ZJ0haaL3H2gP56mm4868yiuc13fZvwpbE8u5w/VlyGGtzAY5ZJgSSE2ssOGlf60pQUzh3oQZ0S/jIDiAjHgk3gy8FrqiczkdSZcaa+vQ6QGduyL9mTvtz+OYOQvnef+MbVXkFHeQue3TiHjGHKIrohM2Y1Hkc1J2XOEpP+p2d6ohigBUhC8cL/BQDcH4He66uG2v1rpwti/Jr1YEA0mBAMtxJcNrrMGW9o/Pte1E5owqRjhToUKfSvtrXavXngJhbCPGRg3ivt5vHD3CBVrQaREWwwZURn+8KIHircse+0C7iZFgFvWysxnXl9ROfQNCflEvrkXBOm3UFF+JQeFe41ZEPN2rKhFyKE/blhNY9zJbgBkYWy1MJkegr+xJLr78TvNWW+3dkqunJeE00jdAbewIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQB46hXABcCSj5cN1F4+i6810dEYU0Srrsf/QX3IIKazl3uIxbVfl1rfu6Rh7dMJYxgU/onYcYF1svwhmmeujizYg8fYTPRWBpj3k3qIGRkR0KU+yEYpyuUSSB4IDmAD4grbymX05cm1/ZTgMYvQsAYO6fzv7A8u4NFWSnhJ0TNVgZHHLljQiK6hiKnOmPUAnsT2De6XAaRae3Y2n/ulo3ACYQPeD8gch3LDd/JVscmA+OwWxGe4smCHAqz3lY/3Z9qAlie6iPpFOjhujrPrPXBi9DPLPFPWamBOGbQXKpI57K4n5/61y0ludzpp8y16WgMokF8A80M3ty5DxqBqPtFyqQoqd0486rFn8bpPKpHUwNCDmYGVtZXt6OgEBDCGejqvx81F6NVWaQRnsX4EsZJYnbE8bAZwQe6gO+0CNKhWWsQtJFWM4pQwXCJP2DtYCuV2RdZhnDufN+J++jcqEuNiY5ZkqHOTj7w2fJqyUjmMJN6/TAEQEnlfCPyZ7z/Ercy79VCPMgY7lsdNxN9c4Jlx1BNAjrl8DzIOJ1btk/YOfjIyTiasiMbG7eqP11rEqG+8IA6FvHJNl8JtyLVtYRTmhyFO7tywFfgyViWFinOK2x/Kd3IVov1aNfy6njL3Q/E47dIKW3SWW1/L81ccJlmPnpyYqnoVy1yU+iKm1MhGonq6PS2Q0EZUlgvokUMUzxA3ONO3 ---- \ No newline at end of file 
diff --git a/kustomize/base/confluent/control-centre.yaml b/kustomize/base/confluent/control-centre.yaml index 1f21341..ca16b90 100644 --- a/kustomize/base/confluent/control-centre.yaml +++ b/kustomize/base/confluent/control-centre.yaml @@ -8,62 +8,9 @@ spec: probe: liveness: periodSeconds: 10 - failureThreshold: 60 - timeoutSeconds: 5 - readiness: - periodSeconds: 10 - failureThreshold: 60 - timeoutSeconds: 5 + failureThreshold: 5 + timeoutSeconds: 500 image: application: confluentinc/cp-enterprise-control-center-operator:6.1.1.0 init: confluentinc/cp-init-container-operator:6.1.1.0 - dataVolumeCapacity: 20Gi - authorization: - type: rbac - tls: - autoGeneratedCerts: true - dependencies: - kafka: - bootstrapEndpoint: kafka.confluent.svc.cluster.local:9071 - authentication: - type: plain - jaasConfig: - secretRef: credential - tls: - enabled: true - mds: - endpoint: https://kafka.confluent.svc.cluster.local:8090 - tokenKeyPair: - secretRef: mds-token - authentication: - type: bearer - bearer: - secretRef: c3-mds-client - tls: - enabled: true - connect: - - name: connect - url: https://connect.confluent.svc.cluster.local:8083 - authentication: - type: basic - basic: - secretRef: c3-mds-client - tls: - enabled: true - ksqldb: - - name: ksqldb - url: https://ksqldb.confluent.svc.cluster.local:8088 - authentication: - type: basic - basic: - secretRef: c3-mds-client - tls: - enabled: true - schemaRegistry: - url: https://schemaregistry.confluent.svc.cluster.local:8081 - authentication: - type: basic - basic: - secretRef: c3-mds-client - tls: - enabled: true + dataVolumeCapacity: 10Gi \ No newline at end of file diff --git a/kustomize/base/confluent/kafka-connect.yaml b/kustomize/base/confluent/kafka-connect.yaml index 1d9ee05..5afbad7 100644 --- a/kustomize/base/confluent/kafka-connect.yaml +++ b/kustomize/base/confluent/kafka-connect.yaml 
@@ -6,35 +6,4 @@ spec: replicas: 1 image: application: confluentinc/cp-server-connect-operator:6.1.1.0 - init: confluentinc/cp-init-container-operator:6.1.1.0 - tls: - autoGeneratedCerts: true - authorization: - type: rbac - dependencies: - kafka: - bootstrapEndpoint: kafka.confluent.svc.cluster.local:9071 - authentication: - type: plain - jaasConfig: - secretRef: credential - tls: - enabled: true - mds: - authentication: - type: bearer - bearer: - secretRef: connect-mds-client - endpoint: https://kafka.confluent.svc.cluster.local:8090 - tls: - enabled: true - tokenKeyPair: - secretRef: mds-token - configOverrides: - server: - - group.id=connect-cluster - - config.storage.topic=_confluent-connect-configs - - offset.storage.topic=_confluent-connect-offsets - - status.storage.topic=_confluent-connect-status - # - rest.extension.classes=io.confluent.connect.security.ConnectSecurityExtension,io.confluent.connect.secretregistry.ConnectSecretRegistryExtension ---- \ No newline at end of file + init: confluentinc/cp-init-container-operator:6.1.1.0 \ No newline at end of file diff --git a/kustomize/base/confluent/kafka.yaml b/kustomize/base/confluent/kafka.yaml index c929437..e568be2 100644 --- a/kustomize/base/confluent/kafka.yaml +++ b/kustomize/base/confluent/kafka.yaml 
@@ -7,112 +7,4 @@ spec: image: application: confluentinc/cp-server-operator:6.1.1.0 init: confluentinc/cp-init-container-operator:6.1.1.0 - dataVolumeCapacity: 40Gi - tls: - autoGeneratedCerts: true - listeners: - # internal listener is used to access the Kafka cluster from the same Kubernetes cluster, - # i.e. in the svc.cluster.local - internal: - authentication: - type: plain - jaasConfig: - secretRef: credential - tls: - enabled: true - # external listener exposes the Kafka bootstrap and brokers as LB endpoints - external: - authentication: - type: plain - jaasConfig: - secretRef: credential - tls: - enabled: true - authorization: - type: rbac - superUsers: - - User:kafka - services: - mds: - tls: - enabled: true - tokenKeyPair: - secretRef: mds-token - provider: - type: ldap - ldap: - address: ldap://ldap.tools.svc.cluster.local:389 - authentication: - type: simple - simple: - secretRef: credential - configurations: - groupNameAttribute: cn - groupObjectClass: group - groupMemberAttribute: member - groupMemberAttributePattern: CN=(.*),DC=test,DC=com - groupSearchBase: dc=test,dc=com - userNameAttribute: cn - userMemberOfAttributePattern: CN=(.*),DC=test,DC=com - userObjectClass: organizationalRole - userSearchBase: dc=test,dc=com - configOverrides: - server: - # the LDAP lookup is set by default to ONE_LEVEL -# - ldap.user.search.scope=2 -# - ldap.search.mode=GROUPS - - confluent.schema.registry.url=registry.production.svc.cluster.local:8081 - # Overwrite the default settings on the INTERNAL listener -# - listener.name.internal.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER -# - listener.name.internal.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required; -# - listener.name.internal.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler -# - listener.name.internal.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required 
publicKeyPath="/mnt/secrets/mds-token/mdsPublicKey.pem"; -# - listener.name.internal.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler -# - listener.name.internal.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler -# # Overwrite the default settings on the EXTERNAL listener -# - listener.name.external.sasl.enabled.mechanisms=PLAIN,OAUTHBEARER -# - listener.name.external.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required; -# - listener.name.external.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler -# - listener.name.external.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required publicKeyPath="/mnt/secrets/mds-token/mdsPublicKey.pem"; -# - listener.name.external.oauthbearer.sasl.login.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerServerLoginCallbackHandler -# - listener.name.external.oauthbearer.sasl.server.callback.handler.class=io.confluent.kafka.server.plugins.auth.token.TokenBearerValidatorCallbackHandler -# # Overwrite the default settings on the REPLICATION listener -# - listener.name.replication.sasl.enabled.mechanisms=PLAIN -# - listener.name.replication.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="${file:/mnt/secrets/credential/plain.txt:username}" password="${file:/mnt/secrets/credential/plain.txt:password}"; -# - listener.name.replication.plain.sasl.server.callback.handler.class=io.confluent.security.auth.provider.ldap.LdapAuthenticateCallbackHandler - # log4j: - # - log4j.logger.io.confluent.security.auth.provider.ldap.LdapGroupManager=DEBUG - dependencies: - kafkaRest: - authentication: - type: bearer - bearer: - secretRef: mds-client - zookeeper: - endpoint: 
zookeeper.confluent.svc.cluster.local:2182 - authentication: - type: digest - jaasConfig: - secretRef: credential - tls: - enabled: true - metricReporter: - enabled: true - bootstrapEndpoint: kafka.confluent.svc.cluster.local:9071 - authentication: - type: plain - jaasConfig: - secretRef: credential - tls: - enabled: true ---- -apiVersion: platform.confluent.io/v1beta1 -kind: KafkaRestClass -metadata: - name: default -spec: - kafkaRest: - authentication: - type: bearer - bearer: - secretRef: rest-credential \ No newline at end of file + dataVolumeCapacity: 10Gi diff --git a/kustomize/base/confluent/ksqldb.yaml b/kustomize/base/confluent/ksqldb.yaml index a7cd82a..7f36e97 100644 --- a/kustomize/base/confluent/ksqldb.yaml +++ b/kustomize/base/confluent/ksqldb.yaml @@ -8,30 +8,3 @@ spec: application: confluentinc/cp-ksqldb-server-operator:6.1.1.0 init: confluentinc/cp-init-container-operator:6.1.1.0 dataVolumeCapacity: 10Gi - tls: - autoGeneratedCerts: true - authorization: - type: rbac - dependencies: - kafka: - bootstrapEndpoint: kafka.confluent.svc.cluster.local:9071 - authentication: - type: plain - jaasConfig: - secretRef: credential - tls: - enabled: true - mds: - authentication: - type: bearer - bearer: - secretRef: ksqldb-mds-client - endpoint: https://kafka.confluent.svc.cluster.local:8090 - tls: - enabled: true - tokenKeyPair: - secretRef: mds-token - configOverrides: - server: - - ksql.service.id=ksqldb-cluster ---- \ No newline at end of file diff --git a/kustomize/base/confluent/kustomization.yaml b/kustomize/base/confluent/kustomization.yaml index a89f32d..0c39768 100644 --- a/kustomize/base/confluent/kustomization.yaml +++ b/kustomize/base/confluent/kustomization.yaml @@ -7,4 +7,4 @@ resources: - schema-registry.yaml - control-centre.yaml - ksqldb.yaml -# - rest-proxy.yaml \ No newline at end of file + - ca-pair-sslcerts.yaml 
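Review bot: In README.md, the rewritten instructions delete the step that created the `confluent-registry` and `https-credentials` secrets and put nothing in its place, so a reader following "Deploy Flux Sync" has no way to know how the operator chart and images are pulled. If they still come from the private registry, document how the credentials are supplied in the new `kubectl apply -f gotk-sync.yaml` flow; if they no longer do, say so. The "Forking this repository" section refers to "line 11" and "line 10" of `./flux-system/gotk-sync.yaml`; naming the `url` and `branch` fields instead will survive later edits to that file. In "Develop Locally" the last step applies from `./kustomize/environments/` while the sync file and the directory tree both use `./kustomize/environments/sandbox`. Two added sentences also need a fix: "will look for to is located" and "it will the change to the kafka spec".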
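Review bot: In flux-system/gotk-sync.yaml, the GitRepository now tracks `branch: develop` over HTTPS with `secretRef` removed, and both Kustomizations keep `prune: true`, so anything pushed to that branch is applied to the cluster, and anything deleted from it is pruned, within the 1m, 5m and 10m intervals. The README should state that the fork has to be publicly readable for this to work and that pushes to the tracked branch need protecting; where signed commits are used, the GitRepository `spec.verify` field can enforce them. The `url` also stays hard-coded to `osodevops/kafka-gitops.git`, which every user is asked to edit by hand.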
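Review bot: kustomize/base/confluent/ca-pair-sslcerts.yaml commits a `kubernetes.io/tls` Secret with `tls.key` under `data:`, which is base64 encoding rather than encryption, so the CA private key is readable by anyone who can read the repository, and the sync change in this same patch assumes an unauthenticated HTTPS clone. Generate the CA pair per environment outside Git, or store it encrypted (for example SOPS with the Flux Kustomization `decryption` setting, or Sealed Secrets), and add a comment marking this key as demonstration-only.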
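Review bot: Deleting kustomize/base/confluent/certificates.yaml removes the `*-generated-jks` and `rest-sslcerts` Secrets from the tree only; their `tls.key`, `keystore.jks` and `jksPassword.txt` values remain retrievable from earlier commits. The README should say that these key pairs and keystore passwords are to be treated as disclosed and not reused, and whether history will be rewritten. `ca-pair-sslcerts` is deleted here and re-added in its own file by the same patch, so please confirm whether that is a fresh key pair or the old one carried over.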
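Review bot: In kustomize/base/confluent/control-centre.yaml the liveness probe ends up with `periodSeconds: 10`, `failureThreshold: 5` and `timeoutSeconds: 500`; a timeout fifty times the period looks like a typo for the previous value of 5, and the readiness probe is removed altogether, so traffic can reach a pod that is not ready. The same hunk drops `authorization: type: rbac`, `tls: autoGeneratedCerts: true` and every `dependencies` entry that had `tls: enabled: true`, leaving the base Control Center with no TLS or RBAC. If the sandbox overlay is meant to restore them, note that in a comment here; otherwise keep them in base.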
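Review bot: In kustomize/base/confluent/kafka.yaml everything after `init:` is removed except `dataVolumeCapacity`, which takes with it `tls: autoGeneratedCerts: true`, SASL PLAIN on the internal and external listeners, `authorization: type: rbac`, the MDS LDAP provider and digest authentication to ZooKeeper. As written, the base broker spec defines no listener authentication or TLS, and the kafka-connect.yaml and ksqldb.yaml hunks strip the same blocks. State where these settings now live (an overlay under kustomize/environments) or keep a secured base, so that an environment copied from sandbox does not start open by default. `dataVolumeCapacity` also drops from 40Gi to 10Gi, which deserves a line of explanation.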
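Review bot: In kustomize/base/confluent/kustomization.yaml the visible change adds `- ca-pair-sslcerts.yaml` to `resources` but not `rest-class.yaml`, which this patch creates in the same directory, so the KafkaRestClass removed from kafka.yaml will not be applied unless it is already listed earlier in the file. As added, rest-class.yaml also ends with an empty `basic:` key under `authentication: type: basic`; give it the intended secret reference or drop the authentication block.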
diff --git a/kustomize/base/confluent/rest-class.yaml b/kustomize/base/confluent/rest-class.yaml new file mode 100644 index 0000000..21c449d --- /dev/null +++ b/kustomize/base/confluent/rest-class.yaml @@ -0,0 +1,9 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: KafkaRestClass +metadata: + name: default +spec: + kafkaRest: + authentication: + type: basic + basic: diff --git a/kustomize/base/confluent/rest-proxy.yaml b/kustomize/base/confluent/rest-proxy.yaml deleted file mode 100644 index b348776..0000000 --- a/kustomize/base/confluent/rest-proxy.yaml +++ /dev/null 
@@ -1,192 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - annotations: - prometheus.io/port: "7778" - prometheus.io/scrape: "true" - labels: - type: rest - name: rest -spec: - podManagementPolicy: Parallel - replicas: 1 - selector: - matchLabels: - app: rest - clusterId: confluent - type: rest - serviceName: rest - template: - metadata: - labels: - app: rest - clusterId: confluent - type: rest - name: rest - spec: - containers: - - name: rest - image: confluentinc/cp-kafka-rest:6.1.1-1-ubi8 - imagePullPolicy: IfNotPresent - - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: KAFKA_REST_CONFIG_PROVIDERS - value: file - - name: KAFKA_REST_CONFIG_PROVIDERS_FILE_CLASS - value: org.apache.kafka.common.config.provider.FileConfigProvider - # duplicated for the proper generation of /etc/kafka-rest/admin.properties - - name: KAFKA_REST_CLIENT_CONFIG_PROVIDERS - value: file - - name: KAFKA_REST_CLIENT_CONFIG_PROVIDERS_FILE_CLASS - value: org.apache.kafka.common.config.provider.FileConfigProvider - - name: KAFKA_REST_BOOTSTRAP_SERVERS - value: kafka.confluent.svc.cluster.local:9071 - - name: KAFKA_REST_CLIENT_SECURITY_PROTOCOL - value: SASL_SSL - - name: KAFKA_REST_CLIENT_SASL_MECHANISM - value: PLAIN - - name: KAFKA_REST_CLIENT_SASL_JAAS_CONFIG - value: org.apache.kafka.common.security.plain.PlainLoginModule required username="${file:/mnt/secrets/rest/plain.txt:username}" password="${file:/mnt/secrets/rest/plain.txt:password}"; - - name: KAFKA_REST_CLIENT_SSL_KEY_PASSWORD - value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_CLIENT_SSL_KEYSTORE_LOCATION - value: /mnt/sslcerts/keystore.jks - - name: KAFKA_REST_CLIENT_SSL_KEYSTORE_PASSWORD - value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_CLIENT_SSL_TRUSTSTORE_LOCATION - 
value: /mnt/sslcerts/truststore.jks - - name: KAFKA_REST_CLIENT_SSL_TRUSTSTORE_PASSWORD - value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_LISTENERS - value: https://0.0.0.0:8080,http://localhost:9080 - - name: KAFKA_REST_SSL_ENABLED_PROTOCOLS - value: TLSv1.2 - - name: KAFKA_REST_SSL_KEY_PASSWORD - value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_SSL_KEYSTORE_LOCATION - value: /mnt/sslcerts/keystore.jks - - name: KAFKA_REST_SSL_KEYSTORE_PASSWORD - value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_SSL_TRUSTSTORE_LOCATION - value: /mnt/sslcerts/truststore.jks - - name: KAFKA_REST_SSL_TRUSTSTORE_PASSWORD - value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_SCHEMA_REGISTRY_URL - value: https://registry.confluent.svc.cluster.local:8081 - - name: KAFKA_REST_SCHEMA_REGISTRY_HTTPS_SSL_KEY_PASSWORD - value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_SCHEMA_REGISTRY_HTTPS_SSL_KEYSTORE_LOCATION - value: /mnt/sslcerts/keystore.jks - - name: KAFKA_REST_SCHEMA_REGISTRY_HTTPS_SSL_KEYSTORE_PASSWORD - value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_SCHEMA_REGISTRY_HTTPS_SSL_TRUSTSTORE_LOCATION - value: /mnt/sslcerts/truststore.jks - - name: KAFKA_REST_SCHEMA_REGISTRY_HTTPS_SSL_TRUSTSTORE_PASSWORD - value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - - name: KAFKA_REST_CONFLUENT_REST_AUTH_PROPAGATE_METHOD - value: JETTY_AUTH - - name: KAFKA_REST_KAFKA_REST_RESOURCE_EXTENSION_CLASS - value: io.confluent.kafkarest.security.KafkaRestSecurityResourceExtension - - name: KAFKA_REST_REST_SERVLET_INITIALIZOR_CLASSES - value: io.confluent.common.security.jetty.initializer.InstallBearerOrBasicSecurityHandler - - name: KAFKA_REST_PUBLIC_KEY_PATH - value: /mnt/secrets/rest/mdsPublicKey.pem - - name: KAFKA_REST_CONFLUENT_METADATA_BOOTSTRAP_SERVER_URLS - value: https://kafka.confluent.svc.cluster.local:8090 - - name: 
KAFKA_REST_CONFLUENT_METADATA_HTTP_AUTH_CREDENTIALS_PROVIDER - value: BASIC - - name: KAFKA_REST_CONFLUENT_METADATA_BASIC_AUTH_USER_INFO - value: ${file:/mnt/secrets/rest/basic.txt:username}:${file:/mnt/secrets/rest/basic.txt:password} - - name: KAFKA_REST_CONFLUENT_METADATA_SSL_TRUSTSTORE_LOCATION - value: /mnt/sslcerts/truststore.jks - - name: KAFKA_REST_CONFLUENT_METADATA_SSL_TRUSTSTORE_PASSWORD - value: ${file:/mnt/sslcerts/jksPassword.txt:jksPassword} - startupProbe: - exec: - command: - - curl - - http://localhost:9080/ - failureThreshold: 60 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - livenessProbe: - exec: - command: - - curl - - http://localhost:9080/ - failureThreshold: 5 - initialDelaySeconds: 10 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 5 - ports: - - containerPort: 8080 - name: external - protocol: TCP - - containerPort: 9080 - name: internal - protocol: TCP - - containerPort: 7203 - name: jmx - protocol: TCP - - containerPort: 7777 - name: jolokia - protocol: TCP - - containerPort: 7778 - name: prometheus - protocol: TCP - - volumeMounts: - - mountPath: /mnt/sslcerts - name: sslcerts - - mountPath: /mnt/secrets/rest - name: credentials - dnsPolicy: ClusterFirst - restartPolicy: Always - volumes: - - name: sslcerts - secret: - defaultMode: 420 - secretName: rest-sslcerts - - name: credentials - secret: - defaultMode: 420 - secretName: credential - updateStrategy: - type: RollingUpdate ---- -apiVersion: v1 -kind: Service -metadata: - labels: - type: rest - name: rest -spec: - clusterIP: None - ports: - - name: external - port: 8080 - protocol: TCP - targetPort: 8080 - publishNotReadyAddresses: false - selector: - app: rest - clusterId: confluent - type: rest - sessionAffinity: ClientIP - type: ClusterIP ---- diff --git a/kustomize/base/confluent/schema-registry.yaml b/kustomize/base/confluent/schema-registry.yaml index d542db7..8458536 100644 
--- a/kustomize/base/confluent/schema-registry.yaml +++ b/kustomize/base/confluent/schema-registry.yaml @@ -1,33 +1,9 @@ ---- apiVersion: platform.confluent.io/v1beta1 kind: SchemaRegistry metadata: - name: registry + name: schemaregistry spec: replicas: 1 image: application: confluentinc/cp-schema-registry-operator:6.1.1.0 init: confluentinc/cp-init-container-operator:6.1.1.0 - tls: - autoGeneratedCerts: true - authorization: - type: rbac - dependencies: - kafka: - bootstrapEndpoint: kafka.confluent.svc.cluster.local:9071 - authentication: - type: plain - jaasConfig: - secretRef: credential - tls: - enabled: true - mds: - endpoint: https://kafka.confluent.svc.cluster.local:8090 - tokenKeyPair: - secretRef: mds-token - authentication: - type: bearer - bearer: - secretRef: sr-mds-client - tls: - enabled: true diff --git a/kustomize/base/confluent/zookeeper.yaml b/kustomize/base/confluent/zookeeper.yaml index 8257410..c14f5c9 100644 --- a/kustomize/base/confluent/zookeeper.yaml +++ b/kustomize/base/confluent/zookeeper.yaml @@ -1,4 +1,3 @@ ---- apiVersion: platform.confluent.io/v1beta1 kind: Zookeeper metadata: @@ -10,9 +9,3 @@ spec: init: confluentinc/cp-init-container-operator:6.1.1.0 dataVolumeCapacity: 10Gi logVolumeCapacity: 10Gi - authentication: - type: digest - jaasConfig: - secretRef: credential - tls: - autoGeneratedCerts: true diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml index 7a392bb..9509326 100644 --- a/kustomize/base/kustomization.yaml +++ b/kustomize/base/kustomization.yaml @@ -1,8 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - secrets - - operator - confluent - - rolebindings - - topics + diff --git a/kustomize/base/operator/crds/kustomization.yaml b/kustomize/base/operator/crds/kustomization.yaml deleted file mode 100644 index 2ad3673..0000000 --- a/kustomize/base/operator/crds/kustomization.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - platform.confluent.io_confluentrolebindings.yaml - - platform.confluent.io_connects.yaml - - platform.confluent.io_controlcenters.yaml - - platform.confluent.io_kafkarestclasses.yaml - - platform.confluent.io_kafkas.yaml - - platform.confluent.io_kafkatopics.yaml - - platform.confluent.io_ksqldbs.yaml - - platform.confluent.io_migrationjobs.yaml - - platform.confluent.io_schemaregistries.yaml - - platform.confluent.io_zookeepers.yaml diff --git a/kustomize/base/operator/crds/platform.confluent.io_confluentrolebindings.yaml b/kustomize/base/operator/crds/platform.confluent.io_confluentrolebindings.yaml deleted file mode 100644 index 6ccc8de..0000000 --- a/kustomize/base/operator/crds/platform.confluent.io_confluentrolebindings.yaml +++ /dev/null 
@@ -1,249 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: confluentrolebindings.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.state - name: Status - type: string - - JSONPath: .status.kafkaClusterId - name: KafkaClusterId - type: string - - JSONPath: .status.principal - name: Principal - type: string - - JSONPath: .status.role - name: Role - type: string - - JSONPath: .status.kafkaRestClass - name: KafkaRestClass - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - - JSONPath: .status.clusterRegistryName - name: ClusterRegistryName - priority: 1 - type: string - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: ConfluentRolebinding - listKind: ConfluentRolebindingList - plural: confluentrolebindings - shortNames: - - cfrb - - confluentrolebinding - singular: confluentrolebinding - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: ConfluentRolebinding is the Schema for the confluentrolebinding - API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConfluentRolebindingSpec defines the desired state of rolebinding - for cp component when rbac is enabled - properties: - clustersScopeByIds: - description: ClusterScope defines the scope of clustersId - properties: - connectClusterId: - minLength: 1 - type: string - kafkaClusterId: - minLength: 1 - type: string - ksqlClusterId: - minLength: 1 - type: string - schemaRegistryClusterId: - minLength: 1 - type: string - type: object - clustersScopeByRegistryName: - description: ClusterRegistryName defines the unique cluster name customer - registered in cluster registry - minLength: 1 - type: string - kafkaRestClassRef: - description: KafkaRestClassRef defines the reference for KafkaRestClass - which defines Kafka Rest API - properties: - name: - description: Name defines the name of KafkaRestClass - minLength: 1 - type: string - namespace: - description: Namespace defines the namespace of the KafkaRestClass - type: string - required: - - name - type: object - principal: - description: Principal defines the confluent rolebinding principal name - and the binding details. 
- properties: - name: - description: Name defines the name of the principal(user/group) - minLength: 1 - type: string - type: - enum: - - user - - group - type: string - required: - - name - - type - type: object - resourcePatterns: - description: ResourcePatterns define the qualified resources associated - with this rolebinding - items: - description: ResourcePattern define the qualified resource info associated - with this rolebinding - properties: - name: - description: Name defines the name of resource associated with - this rolebinding - minLength: 1 - type: string - patternType: - description: PatternType defines whether the pattern of resource - is PREFIXED or LITERAL, default is LITERAL if not set - enum: - - PREFIXED - - LITERAL - type: string - resourceType: - description: ResourceType defines the type of resource - minLength: 1 - type: string - required: - - name - - resourceType - type: object - type: array - role: - description: Role defines the name of the Role - minLength: 1 - type: string - required: - - principal - - role - type: object - status: - description: ConfluentRolebindingStatus defines the observed state of ConfluentRolebinding - properties: - clusterRegistryName: - type: string - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. - properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' 
- type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - kafkaClusterId: - type: string - kafkaRestClass: - type: string - mdsEndpoint: - type: string - principal: - type: string - resourcePatterns: - items: - description: ResourcePattern define the qualified resource info associated - with this rolebinding - properties: - name: - description: Name defines the name of resource associated with - this rolebinding - minLength: 1 - type: string - patternType: - description: PatternType defines whether the pattern of resource - is PREFIXED or LITERAL, default is LITERAL if not set - enum: - - PREFIXED - - LITERAL - type: string - resourceType: - description: ResourceType defines the type of resource - minLength: 1 - type: string - required: - - name - - resourceType - type: object - type: array - role: - type: string - state: - type: string - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_connects.yaml b/kustomize/base/operator/crds/platform.confluent.io_connects.yaml deleted file mode 100644 index b94a2ea..0000000 --- a/kustomize/base/operator/crds/platform.confluent.io_connects.yaml +++ /dev/null 
@@ -1,3103 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: connects.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.replicas - name: Replicas - type: string - - JSONPath: .status.readyReplicas - name: Ready - type: string - - JSONPath: .status.phase - name: Status - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - - JSONPath: .status.kafka.bootstrapEndpoint - name: Kafka - priority: 1 - type: string - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: Connect - listKind: ConnectList - plural: connects - shortNames: - - connect - singular: connect - preserveUnknownFields: false - scope: Namespaced - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - validation: - openAPIV3Schema: - description: Connect is the Schema for the Connects API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConnectSpec defines the desired state of Connect - properties: - authentication: - description: Rest server security fields - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic credential - through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on the - server side only. Changes will be only reflected in ControlCenter - (C3). This configuration is ignored on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on the - server side only. This configuration is ignored on the client - side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme for Rest - Server - enum: - - basic - - mtls - type: string - required: - - type - type: object - authorization: - description: Authorization - properties: - kafkaRestClassRef: - description: KafkaRestClassRef defines the reference for KafkaRestClass - which defines Kafka Rest API - properties: - name: - description: Name defines the name of KafkaRestClass - minLength: 1 - type: string - namespace: - description: Namespace defines the namespace of the KafkaRestClass - type: string - required: - - name - type: object - type: - enum: - - rbac - type: string - required: - - type - type: object - configOverrides: - description: ConfigurationOverrides defines capability to override server/jvm/log4j - properties for each Confluent platform 
component. Change will roll - the cluster - properties: - jvm: - description: JVM defines a list of jvm configuration supported by - application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported by - application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - connectorOverridePolicy: - description: ConnectorOverridePolicy allows policy to permit per-connector - override configuration for producer/consumer/admin prefix. More information - can be found here, https://docs.confluent.io/platform/current/connect/security.html#separate-principals - enum: - - All - - Principal - type: string - dependencies: - description: ConnectDependencies holds dependencies a connect requires - or can enable - properties: - admin: - description: configure admin client If bootstrapEndpoint is not - configured, the security is configured based on the kafka dependencies - configuration. Configure if different bootstrapEndpoint is required - for admin client - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - consumer: - description: Consumer security configuration to connect to Kafka - Cluster pointed by bootstrapEndpoint, used for sink connectors. - If bootstrapEndpoint is not configured, the security is configured - based on the kafka dependencies configuration. Configure if different - bootstrapEndpoint is required for consumer - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. 
- properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - interceptor: - description: configure confluent monitoring interceptor - properties: - configs: - description: Configs defines configs for the CP interceptor - Config override feature can be used to pass config - items: - type: string - type: array - consumer: - description: Consumer defines the consumer configuration for - interceptor. If not configured it will use the kafka dependency - configuration - properties: - authentication: - description: Authentication defines the authentication for - the kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's - JaaS configuration. 
- properties: - secretRef: - description: SecretRef defines secret reference - to pass required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete - JaaS configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap - endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability - to discover kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is - running Uses the same namespace where Operator is - running if not configured - type: string - secretRef: - description: SecretRef defines the name of the secret - reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side - TLS setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - enabled: - description: Enabled defines to enable the CP interceptor configuration - type: boolean - producer: - description: Producer defines the producer configuration for - interceptor. If not configured it will use the kafka dependency - configuration - properties: - authentication: - description: Authentication defines the authentication for - the kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's - JaaS configuration. - properties: - secretRef: - description: SecretRef defines secret reference - to pass required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete - JaaS configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap - endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability - to discover kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is - running Uses the same namespace where Operator is - running if not configured - type: string - secretRef: - description: SecretRef defines the name of the secret - reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side - TLS setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - publishMs: - type: integer - required: - - enabled - type: object - kafka: - description: Connect dependency for connecting to kafka. Uses discovery - if that specified - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mds: - description: Mds configurations for when RBAC is enabled - properties: - authentication: - description: Authentication defines MDS authentication configuration - properties: - bearer: - description: BearerAuthentication defines bearer authentication - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines the authentication type support - for MDS - enum: - - bearer - type: string - required: - - bearer - - type - type: object - endpoint: - description: Endpoint defines the mds endpoint - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, 
listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - tokenKeyPair: - description: TokenKeyPair defines the token keypair to configure - MDS - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - authentication - - endpoint - - tokenKeyPair - type: object - producer: - description: Producer security configuration to connect to Kafka - Cluster pointed by bootstrapEndpoint, used for source connectors. - If bootstrapEndpoint is not configured, the security is configured - based on the kafka dependencies configuration. 
Configure if different - bootstrapEndpoint/security is required for producer - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where 
keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - schemaRegistry: - description: configure connect dependency for schemaregistry - properties: - authentication: - description: Authentication defines the authentication for the - schemaregistry cluster - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass - basic credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles - on the server side only. Changes will be only reflected - in ControlCenter (C3). 
This configuration is ignored - on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration - on the server side only. This configuration is ignored - on the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme - for Rest client - enum: - - basic - - mtls - type: string - required: - - type - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for schemaregistry cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: 
^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - url: - description: URL defines the URL endpoint - minLength: 1 - pattern: ^https?://.* - type: string - required: - - url - type: object - type: object - enableSchemas: - description: EnableSchemas defines whether to enable scheme or not - type: boolean - externalAccess: - description: CPExternalAccess holds all external access policies for - non-kafka components - properties: - ingress: - description: Ingress allows to create a ingress service Not implemented - yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user wishes - to exist. - properties: - backend: - description: A default backend capable of servicing requests - that don't match any rule. At least one of 'backend' or - 'rules' must be specified. This field is optional to allow - the loadbalancer controller or defaulting logic to specify - a global default. - properties: - resource: - description: Resource is an ObjectRef to another Kubernetes - resource in the namespace of the Ingress object. If - resource is specified, serviceName and servicePort - must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced service. 
- type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the IngressClass - cluster resource. The associated IngressClass defines - which controller will implement the resource. This replaces - the deprecated `kubernetes.io/ingress.class` annotation. - For backwards compatibility, when that annotation is set, - it must be given precedence over this field. The controller - may emit a warning if the field and annotation have different - values. Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource may - be marked as default, which can be used to set a default - value for this field. For more information, refer to the - IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure the - Ingress. If unspecified, or no rule matches, all traffic - is sent to the default backend. - items: - description: IngressRule represents the rules mapping - the paths under a specified host to the related backend - services. Incoming requests are first evaluated for - a host match, then routed to the backend associated - with the matching IngressRuleValue. - properties: - host: - description: "Host is the fully qualified domain name - of a network host, as defined by RFC 3986. Note - the following deviations from the \"host\" part - of the URI as defined in RFC 3986: 1. IPs are not - allowed. Currently an IngressRuleValue can only - apply to the IP in the Spec of the parent Ingress. - 2. The `:` delimiter is not respected because ports - are not allowed. \t Currently the port of an Ingress - is implicitly :80 for http and \t :443 for https. - Both these may change in the future. Incoming requests - are matched against the host before the IngressRuleValue. 
- If the host is unspecified, the Ingress routes all - traffic based on the specified IngressRuleValue. - \n Host can be \"precise\" which is a domain name - without the terminating dot of a network host (e.g. - \"foo.bar.com\") or \"wildcard\", which is a domain - name prefixed with a single wildcard label (e.g. - \"*.foo.com\"). The wildcard character '*' must - appear by itself as the first DNS label and matches - only a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests will - be matched against the Host field in the following - way: 1. If Host is precise, the request matches - this rule if the http host header is equal to Host. - 2. If Host is a wildcard, then the request matches - this rule if the http host header is to equal to - the suffix (removing the first label) of the wildcard - rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list of http - selectors pointing to backends. In the example: - http:///? -> backend where - where parts of the url correspond to RFC 3986, this - resource will be used to match against everything - after the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that map requests - to backends. - items: - description: HTTPIngressPath associates a path - with a backend. Incoming urls matching the - path are forwarded to the backend. - properties: - backend: - description: Backend defines the referenced - service endpoint to which the traffic - will be forwarded to. - properties: - resource: - description: Resource is an ObjectRef - to another Kubernetes resource in - the namespace of the Ingress object. - If resource is specified, serviceName - and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. 
For any other - third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the - referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the - referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against the - path of an incoming request. Currently - it can contain characters disallowed from - the conventional "path" part of a URL - as defined by RFC 3986. Paths must begin - with a '/'. When unspecified, all paths - from incoming requests are matched. - type: string - pathType: - description: 'PathType determines the interpretation - of the Path matching. PathType can be - one of the following values: * Exact: - Matches the URL path exactly. * Prefix: - Matches based on a URL path prefix split - by ''/''. Matching is done on a path - element by element basis. A path element - refers is the list of labels in the - path split by the ''/'' separator. A request - is a match for path p if every p is - an element-wise prefix of p of the request - path. Note that if the last element of - the path is a substring of the last - element in request path, it is not a match - (e.g. /foo/bar matches /foo/bar/baz, - but does not match /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching is - up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix or Exact - path types. Implementations are required - to support all path types. Defaults to - ImplementationSpecific.' 
- type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the Ingress only - supports a single TLS port, 443. If multiple members of - this list specify different hosts, they will be multiplexed - on the same port according to the hostname specified through - the SNI TLS extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport layer - security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included in - the TLS certificate. The values in this list must - match the name/s used in the tlsSecret. Defaults - to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret - used to terminate TLS traffic on port 443. Field - is left optional to allow TLS routing based on SNI - hostname alone. If the SNI host in a listener conflicts - with the "Host" header field used by an IngressRule, - the SNI host is used for termination and value of - the Host header is used for routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes load balancer - service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type load balancer - type: object - domain: - description: Domain allows to configure domain name for the - cluster. 
- minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring source - range - items: - type: string - type: array - port: - description: Port allows to configure external port for client - consumption If not configured, same internal/external port - will be configured per component Information about the port - can be retrieved through status API - format: int32 - type: integer - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. Usually - assigned by the system. 
If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port offset - to be used and will go in the increasing order with respect - to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. 
Usually - assigned by the system. If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for OpenShift - Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the OpenShift - service type route - type: object - domain: - description: Domain allows to configure domain name for the - cluster. - minLength: 1 - type: string - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. 
It defaults - to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - type: - description: Type defines supported kubernetes external services - enum: - - loadBalancer - - nodePort - - route - minLength: 1 - type: string - required: - - type - type: object - image: - description: Image defines application and init docker image configuration. - Change will roll the cluster - properties: - application: - description: Application defines application docker image name - pattern: .+:.+ - type: string - init: - description: Init defines init-container name - pattern: .+:.+ - type: string - pullSecretRef: - description: 'ImagePullSecrets is a list of references to secrets - in the same namespace to use for pulling any images in pods that - reference this ServiceAccount. ImagePullSecrets are distinct from - Secrets because Secrets can be mounted in the pod, but ImagePullSecrets - are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' - items: - type: string - type: array - required: - - application - - init - type: object - injectAnnotations: - additionalProperties: - type: string - description: InjectAnnotations annotations are injected to all the internal - resources created by Operator. All the internal annotations is preserved - and forbidden to override. For pod annotations, use podTemplate.annotations - type: object - injectLabels: - additionalProperties: - type: string - description: InjectLabels labels are injected to all the internal resources - created by Operator. All the internal labels is preserved and forbidden - to override. 
For pod labels, use podTemplate.labels - type: object - internalTopicReplicationFactor: - description: ' InternalTopicReplicationFactor defines internal topic - replication factor If not configured, it will be configured as 3' - format: int32 - type: integer - k8sClusterDomain: - description: K8SClusterDomain defines configuring kubernetes cluster - domain if required. If this setting is not configured it will default - to cluster.local domain. - type: string - keyConverterType: - description: KeyConverter defines the supported converters package for - CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters - By default, it is configured as org.apache.kafka.connect.json.JsonConverter - minLength: 1 - type: string - license: - description: License defines license configuration for Confluent platform - component - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where license key is mounted. More information about - the usage be found in Confluent Operator document. - minLength: 1 - type: string - globalLicense: - description: GlobalLicense specifies whether operator pod license - will be used for this component If enabled then Confluent platform - component shares Confluent Operator license. - type: boolean - secretRef: - description: SecretRef is secret reference which provides license - for CP component More information about the license key struct - can be found in Confluent Operator document. 
- maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - metrics: - description: Metrics specifies the security settings for metric services - properties: - authentication: - description: Metrics security authentication - properties: - type: - enum: - - mtls - type: string - required: - - type - type: object - prometheus: - description: Override for jmx-prometheus exporter configs - properties: - blacklist: - items: - type: string - type: array - rules: - items: - description: Prometheus exporter rule override - properties: - attrNameSnakeCase: - minLength: 1 - type: string - cache: - minLength: 1 - type: string - help: - minLength: 1 - type: string - labels: - additionalProperties: - type: string - type: object - name: - minLength: 1 - type: string - pattern: - minLength: 1 - type: string - type: - minLength: 1 - type: string - value: - minLength: 1 - type: string - valueFactor: - minLength: 1 - type: string - type: object - type: array - whitelist: - items: - type: string - type: array - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP component - (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mountedSecrets: - description: MountedSecrets defines list of secrets reference injected - to the the underlying statefulset configuration. The secret reference - is mounted secret mounted in default path /mnt/secrets/. - The underlying resources will follow the secret as a file configuration - as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod - Change will roll the cluster - items: - description: MountedSecrets allows provides a way to inject custom - secret to underlying statefulset. - properties: - keyItems: - description: keyItems is list of key and path names - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. 
- type: string - mode: - description: 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, the volume - defaultMode will be used. This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the key - to. May not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - secretRef: - description: SecretRef defines the secret name referenced - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - type: array - oneReplicaPerNode: - description: OneReplicaPerNode enforces to run 1 pod per node through - pod anti-affinity capability. Enabling this configuration in existing - cluster will roll. Change will roll the cluster - type: boolean - podTemplate: - description: PodTemplate defines some statefulset pod template configuration - properties: - affinity: - description: 'Affinity is a group of affinity scheduling rules. - More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. 
for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - matches the corresponding matchExpressions; the node(s) - with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. - The TopologySelectorTerm type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are - intersected, i.e. all terms must be satisfied. 
- items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. 
- type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the - sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. 
- type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met at - some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - description: 'Annotations defines an unstructured key value map - stored with a resource that may be set by external tools to store - and retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - envVars: - description: 'EnvVars defines the collection of EnvVar to inject - into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. 
- type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - labels: - additionalProperties: - type: string - description: 'Labels defines map of string keys and values that - can be used to organize and categorize (scope and select) objects. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - podSecurityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in - container.securityContext. 
Field values of container.securityContext - take precedence over field values of PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit - is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions - of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will - have no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for - that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to - start the container if it does. If unset or false, no such - validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. 
Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. 
If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - priorityClassName: - description: PriorityClassName defines priority class for the pod - (if any). - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - probe: - description: Probe defines some fields of standard kubernetes readiness/liveness - probe configuration. - properties: - liveness: - description: Liveness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. 
- CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - readiness: - description: Readiness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - type: object - resources: - description: ResourceRequirements describes the compute resource - requirements. 
- properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - terminationGracePeriodSeconds: - description: TerminationGracePeriodSeconds defines grace period - for pod deletion - format: int64 - type: integer - tolerations: - description: Tolerations defines The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator . - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using the - matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. 
- type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do - not evict). Zero and negative values will be treated as - 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - replicas: - description: Replicas is the desired number of replicas of the given - Template. Change will roll the cluster - format: int32 - type: integer - storageClass: - description: Storage class used for creating pvc's of created connect - pods - properties: - name: - description: Name defines name is the storage class reference name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - telemetry: - description: ConfluentTelemetry defines the confluent telemetry reporter - configuration - properties: - global: - description: Global will allow disabling telemetry configuration. - If Operator is deployed with telemetry, this field is only is - used to disabled. By default the value is true if telemetry is - enabled in global level. 
- type: boolean - type: object - tls: - description: TLS allows configuring CP Component's server configuration - properties: - autoGeneratedCerts: - description: AutoGenerated if configures generates the certificates - based on the CA key pair provided. - type: boolean - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where keystore/truststore.jks/jksPassword.txt keys - are mounted. CP will not configure truststore.jks can be ignored - with IgnoreTrustStoreConfig field - minLength: 1 - type: string - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the truststore - configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced for - jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced for - jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for certificates - More information about certificates key/value format can be found - in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - valueConverterType: - description: ValueConverter defines the supported converters package - for CP platform Supported converter types here, https://docs.confluent.io/current/connect/concepts.html#connect-converters - By default, it is configured as org.apache.kafka.connect.json.JsonConverter - minLength: 1 - type: string - required: - - image - - replicas - type: object - status: - description: ConnectStatus defines the observed state of Connect - properties: - authorizationType: - type: string - clusterName: - description: ClusterName defines the 
name of the cluster - type: string - clusterNamespace: - description: ClusterNamespace provides the namespace where cluster is - running - type: string - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. - properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - currentReplicas: - description: CurrentReplicas defines current running replicas - format: int32 - type: integer - groupId: - type: string - internalSecrets: - description: InternalSecrets defines the list of internal secrets created - by Operator for each CP component. 
- items: - type: string - type: array - internalTopicNames: - description: InternalTopicNames is a list of topics used by the component - for internal use - items: - type: string - type: array - kafka: - description: KafkaClientInfoStatus defines the kafka client side status - for all CP component - properties: - authenticationType: - description: AuthenticationType defines the authentication type - for kafka - type: string - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - type: string - tls: - description: TLS defines if tls is enabled for kafka dependency - type: boolean - type: object - operatorVersion: - description: OperatorVersion defines the internal version of operator - type: string - phase: - description: Phase defines the state of the CP component - type: string - rbac: - description: RBACInfoStatus defines RBAC related status when RBAC is - enabled - properties: - clusterId: - description: ClusterId defines the id of cluster - type: string - internalRolebindings: - description: RolebindingState defines the state of internal rolebindings - items: - type: string - type: array - type: object - readyReplicas: - description: ReadyReplicas defines current ready replicas - format: int32 - type: integer - replicas: - description: Replicas defines replicas - format: int32 - type: integer - restConfig: - description: ListenerStatus describes general information about a listeners - properties: - advertisedExternalEndpoints: - description: AdvertisedExternalEndpoints defines other advertised - endpoints, especially use for kafka - items: - type: string - type: array - authenticationType: - description: AuthenticationType defines authentication type configured - by a listener - type: string - externalEndpoint: - description: ExternalEndpoint defines the external endpoint to connect - to the service - type: string - internalEndpoint: - description: InternalEndpoint defines the internal endpoint to connect - to the service - 
type: string - tls: - description: TLS defines whether tls is configured by a listener - type: boolean - type: object - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_controlcenters.yaml b/kustomize/base/operator/crds/platform.confluent.io_controlcenters.yaml deleted file mode 100644 index b2c2a1d..0000000 --- a/kustomize/base/operator/crds/platform.confluent.io_controlcenters.yaml +++ /dev/null 
@@ -1,3032 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: controlcenters.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.replicas - name: Replicas - type: string - - JSONPath: .status.readyReplicas - name: Ready - type: string - - JSONPath: .status.phase - name: Status - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - - JSONPath: .status.kafka.bootstrapEndpoint - name: Kafka - priority: 1 - type: string - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: ControlCenter - listKind: ControlCenterList - plural: controlcenters - shortNames: - - controlcenter - - c3 - singular: controlcenter - preserveUnknownFields: false - scope: Namespaced - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - validation: - openAPIV3Schema: - description: ControlCenter is the Schema for the controlcenter API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ControlCenterSpec defines the desired state of ControlCenter - properties: - authentication: - description: Authentication defines the rest-endpoint configuration - properties: - basic: - description: BasicAuthentication defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic credential - through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on the - server side only. Changes will be only reflected in ControlCenter - (C3). This configuration is ignored on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on the - server side only. This configuration is ignored on the client - side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - ldap: - description: C3LdapAuthentication defines ldap authentication - properties: - property: - additionalProperties: - type: string - description: Property defines all the properties for LDAP configuration - Make sure to use secret object to pass username/password - type: object - restrictedRoles: - description: RestrictedRoles defines restricted access roles - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on the - server side only. 
- items: - type: string - minItems: 1 - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - basic - - ldap - - mtls - type: string - required: - - type - type: object - authorization: - description: Authorization defines authorization configurations - properties: - kafkaRestClassRef: - description: KafkaRestClassRef defines the reference for KafkaRestClass - which defines Kafka Rest API - properties: - name: - description: Name defines the name of KafkaRestClass - minLength: 1 - type: string - namespace: - description: Namespace defines the namespace of the KafkaRestClass - type: string - required: - - name - type: object - type: - enum: - - rbac - type: string - required: - - type - type: object - configOverrides: - description: ConfigurationOverrides defines capability to override server/jvm/log4j - properties for each Confluent platform component. Change will roll - the cluster - properties: - jvm: - description: JVM defines a list of jvm configuration supported by - application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported by - application. This will either add or update existing configuration. 
- items: - type: string - type: array - type: object - dataVolumeCapacity: - anyOf: - - type: integer - - type: string - description: DataVolumeCapacity defines the data size for PV - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - dependencies: - description: Dependencies defines all the dependencies service configuration - properties: - connect: - description: Connect defines connect worker dependencies configuration - items: - description: ControlCenterConnectDependency - properties: - authentication: - description: Authentication defines the authentication for - the connect cluster - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass - basic credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles - on the server side only. Changes will be only reflected - in ControlCenter (C3). This configuration is ignored - on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration - on the server side only. 
This configuration is ignored - on the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme - for Rest client - enum: - - basic - - mtls - type: string - required: - - type - type: object - name: - description: Name defines the cluster name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - tls: - description: TLSDependencyConfig defines the client side TLS - setting for connect cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - url: - description: URL 
defines the URL endpoint - minLength: 1 - pattern: ^https?://.* - type: string - required: - - name - - url - type: object - type: array - kafka: - description: Kafka defines kafka dependencies configuration - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for kafka cluster - properties: - 
directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - ksqldb: - description: KsqlDB defines ksqldb dependencies configuration - items: - description: ControlCenterKSQLDependency - properties: - advertisedUrl: - description: AdvertisedURL defines the advertised url to use - in browser. 
- minLength: 1 - pattern: ^https?://.* - type: string - authentication: - description: Authentication defines the authentication for - the ksqldb cluster - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass - basic credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles - on the server side only. Changes will be only reflected - in ControlCenter (C3). This configuration is ignored - on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration - on the server side only. This configuration is ignored - on the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme - for Rest client - enum: - - basic - - mtls - type: string - required: - - type - type: object - name: - description: Name defines the cluster name - minLength: 1 - type: string - tls: - description: TLSDependencyConfig defines the client side TLS - setting for ksqldb cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - url: - description: URL defines the URL endpoint - minLength: 1 - pattern: ^https?://.* - type: string - required: - - name - - url - type: object - type: array - mds: - description: MDSDependencies defines the RBAC dependencies configurations - properties: - authentication: - description: Authentication defines MDS authentication configuration - properties: - bearer: - description: BearerAuthentication defines bearer authentication - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines the authentication type support - for MDS - enum: - - bearer - type: string - required: - - bearer - - type - type: object - endpoint: - description: Endpoint defines 
the mds endpoint - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - tokenKeyPair: - description: TokenKeyPair defines the token keypair to configure - MDS - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - authentication - - endpoint - - tokenKeyPair - type: object - schemaRegistry: - description: SchemaRegistry defines schema registry dependencies - configuration - 
properties: - authentication: - description: Authentication defines the authentication for the - schemaregistry cluster - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass - basic credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles - on the server side only. Changes will be only reflected - in ControlCenter (C3). This configuration is ignored - on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration - on the server side only. This configuration is ignored - on the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme - for Rest client - enum: - - basic - - mtls - type: string - required: - - type - type: object - clusters: - items: - description: ControlCenterMultiSchemaRegistryDependency - properties: - authentication: - description: Authentication defines the authentication - for the schemaregistry cluster - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to - pass basic credential through directory path - in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted - roles on the server side only. Changes will - be only reflected in ControlCenter (C3). 
This - configuration is ignored on the client side - configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration - on the server side only. This configuration - is ignored on the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication - scheme for Rest client - enum: - - basic - - mtls - type: string - required: - - type - type: object - name: - description: Name defines the cluster name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - tls: - description: TLSDependencyConfig defines the client side - TLS setting for schemaregistry cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the - directory path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration - for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure - ignores the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name - referenced for jks password More information - about jks password key/value format can be found - in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - url: - description: URL defines the URL endpoint - minLength: 1 - pattern: ^https?://.* - type: string - required: - - name - - url - type: object - type: array - tls: - description: TLSDependencyConfig defines the client side TLS - setting for schemaregistry cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - url: - description: URL defines the URL endpoint - minLength: 1 - pattern: ^https?://.* - type: string - required: - - url - type: object - type: object - externalAccess: - description: ExternalAccess defines the external access configuration - properties: - ingress: - description: Ingress allows to create a ingress service Not implemented - yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user wishes - to exist. - properties: - backend: - description: A default backend capable of servicing requests - that don't match any rule. At least one of 'backend' or - 'rules' must be specified. 
This field is optional to allow - the loadbalancer controller or defaulting logic to specify - a global default. - properties: - resource: - description: Resource is an ObjectRef to another Kubernetes - resource in the namespace of the Ingress object. If - resource is specified, serviceName and servicePort - must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the IngressClass - cluster resource. The associated IngressClass defines - which controller will implement the resource. This replaces - the deprecated `kubernetes.io/ingress.class` annotation. - For backwards compatibility, when that annotation is set, - it must be given precedence over this field. The controller - may emit a warning if the field and annotation have different - values. Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource may - be marked as default, which can be used to set a default - value for this field. For more information, refer to the - IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure the - Ingress. If unspecified, or no rule matches, all traffic - is sent to the default backend. 
- items: - description: IngressRule represents the rules mapping - the paths under a specified host to the related backend - services. Incoming requests are first evaluated for - a host match, then routed to the backend associated - with the matching IngressRuleValue. - properties: - host: - description: "Host is the fully qualified domain name - of a network host, as defined by RFC 3986. Note - the following deviations from the \"host\" part - of the URI as defined in RFC 3986: 1. IPs are not - allowed. Currently an IngressRuleValue can only - apply to the IP in the Spec of the parent Ingress. - 2. The `:` delimiter is not respected because ports - are not allowed. \t Currently the port of an Ingress - is implicitly :80 for http and \t :443 for https. - Both these may change in the future. Incoming requests - are matched against the host before the IngressRuleValue. - If the host is unspecified, the Ingress routes all - traffic based on the specified IngressRuleValue. - \n Host can be \"precise\" which is a domain name - without the terminating dot of a network host (e.g. - \"foo.bar.com\") or \"wildcard\", which is a domain - name prefixed with a single wildcard label (e.g. - \"*.foo.com\"). The wildcard character '*' must - appear by itself as the first DNS label and matches - only a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests will - be matched against the Host field in the following - way: 1. If Host is precise, the request matches - this rule if the http host header is equal to Host. - 2. If Host is a wildcard, then the request matches - this rule if the http host header is to equal to - the suffix (removing the first label) of the wildcard - rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list of http - selectors pointing to backends. In the example: - http:///? 
-> backend where - where parts of the url correspond to RFC 3986, this - resource will be used to match against everything - after the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that map requests - to backends. - items: - description: HTTPIngressPath associates a path - with a backend. Incoming urls matching the - path are forwarded to the backend. - properties: - backend: - description: Backend defines the referenced - service endpoint to which the traffic - will be forwarded to. - properties: - resource: - description: Resource is an ObjectRef - to another Kubernetes resource in - the namespace of the Ingress object. - If resource is specified, serviceName - and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any other - third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the - referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the - referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against the - path of an incoming request. Currently - it can contain characters disallowed from - the conventional "path" part of a URL - as defined by RFC 3986. Paths must begin - with a '/'. When unspecified, all paths - from incoming requests are matched. - type: string - pathType: - description: 'PathType determines the interpretation - of the Path matching. 
PathType can be - one of the following values: * Exact: - Matches the URL path exactly. * Prefix: - Matches based on a URL path prefix split - by ''/''. Matching is done on a path - element by element basis. A path element - refers is the list of labels in the - path split by the ''/'' separator. A request - is a match for path p if every p is - an element-wise prefix of p of the request - path. Note that if the last element of - the path is a substring of the last - element in request path, it is not a match - (e.g. /foo/bar matches /foo/bar/baz, - but does not match /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching is - up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix or Exact - path types. Implementations are required - to support all path types. Defaults to - ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the Ingress only - supports a single TLS port, 443. If multiple members of - this list specify different hosts, they will be multiplexed - on the same port according to the hostname specified through - the SNI TLS extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport layer - security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included in - the TLS certificate. The values in this list must - match the name/s used in the tlsSecret. Defaults - to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret - used to terminate TLS traffic on port 443. Field - is left optional to allow TLS routing based on SNI - hostname alone. 
If the SNI host in a listener conflicts - with the "Host" header field used by an IngressRule, - the SNI host is used for termination and value of - the Host header is used for routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes load balancer - service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type load balancer - type: object - domain: - description: Domain allows to configure domain name for the - cluster. - minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring source - range - items: - type: string - type: array - port: - description: Port allows to configure external port for client - consumption If not configured, same internal/external port - will be configured per component Information about the port - can be retrieved through status API - format: int32 - type: integer - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. 
Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. Usually - assigned by the system. If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port offset - to be used and will go in the increasing order with respect - to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. 
Usually - assigned by the system. If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for OpenShift - Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the OpenShift - service type route - type: object - domain: - description: Domain allows to configure domain name for the - cluster. - minLength: 1 - type: string - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. 
It defaults - to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - type: - description: Type defines supported kubernetes external services - enum: - - loadBalancer - - nodePort - - route - minLength: 1 - type: string - required: - - type - type: object - id: - description: ControlCenterID identifier used as a prefix so that multiple - instances of Control Center can co-exist. - format: int32 - type: integer - image: - description: Image defines application and init docker image configuration. - Change will roll the cluster - properties: - application: - description: Application defines application docker image name - pattern: .+:.+ - type: string - init: - description: Init defines init-container name - pattern: .+:.+ - type: string - pullSecretRef: - description: 'ImagePullSecrets is a list of references to secrets - in the same namespace to use for pulling any images in pods that - reference this ServiceAccount. ImagePullSecrets are distinct from - Secrets because Secrets can be mounted in the pod, but ImagePullSecrets - are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' - items: - type: string - type: array - required: - - application - - init - type: object - injectAnnotations: - additionalProperties: - type: string - description: InjectAnnotations annotations are injected to all the internal - resources created by Operator. All the internal annotations is preserved - and forbidden to override. For pod annotations, use podTemplate.annotations - type: object - injectLabels: - additionalProperties: - type: string - description: InjectLabels labels are injected to all the internal resources - created by Operator. All the internal labels is preserved and forbidden - to override. 
For pod labels, use podTemplate.labels - type: object - internalTopicReplicatorFactor: - format: int32 - type: integer - k8sClusterDomain: - description: K8SClusterDomain defines configuring kubernetes cluster - domain if required. If this setting is not configured it will default - to cluster.local domain. - type: string - license: - description: License defines license configuration for Confluent platform - component - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where license key is mounted. More information about - the usage be found in Confluent Operator document. - minLength: 1 - type: string - globalLicense: - description: GlobalLicense specifies whether operator pod license - will be used for this component If enabled then Confluent platform - component shares Confluent Operator license. - type: boolean - secretRef: - description: SecretRef is secret reference which provides license - for CP component More information about the license key struct - can be found in Confluent Operator document. - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - mail: - description: ControlCenterSMTPServer, these settings control the SMTP - server and account used when an alerts triggers the email action. - properties: - authentication: - description: Authentication SMTP supports basic authentication support - only For other types of authentication use config overrides capability. - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic - credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on - the server side only. Changes will be only reflected in - ControlCenter (C3). 
This configuration is ignored on the - client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on - the server side only. This configuration is ignored on - the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme for - Rest client - enum: - - basic - - mtls - type: string - required: - - type - type: object - checkServerIdentity: - description: CheckServerIdentity forces validation of server’s certificate - when using STARTTLS or SSL. - type: boolean - hostname: - description: Hostname of outgoing SMTP server - minLength: 1 - type: string - mailBounceAddress: - description: MailBounceAddress override for MailFrom config to send - message - minLength: 1 - type: string - mailFrom: - description: MailFrom the originating address for emails sent from - Control Center. - minLength: 1 - type: string - port: - description: Port SMTP port open on for hostname - format: int32 - type: integer - startTLSRequired: - description: StartTLSRequired forces using STARTTLS. 
- type: boolean - required: - - hostname - type: object - metrics: - description: Metrics specifies the security settings for metric services - properties: - authentication: - description: Metrics security authentication - properties: - type: - enum: - - mtls - type: string - required: - - type - type: object - prometheus: - description: Override for jmx-prometheus exporter configs - properties: - blacklist: - items: - type: string - type: array - rules: - items: - description: Prometheus exporter rule override - properties: - attrNameSnakeCase: - minLength: 1 - type: string - cache: - minLength: 1 - type: string - help: - minLength: 1 - type: string - labels: - additionalProperties: - type: string - type: object - name: - minLength: 1 - type: string - pattern: - minLength: 1 - type: string - type: - minLength: 1 - type: string - value: - minLength: 1 - type: string - valueFactor: - minLength: 1 - type: string - type: object - type: array - whitelist: - items: - type: string - type: array - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP component - (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - monitoringKafkaClusters: - description: MonitoringKafkaClusters defines configuring monitoring - clusters - items: - description: MonitoringKafkaClusters kafka cluster configuration - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - name: - description: Name defines the cluster name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - tls: - description: TLSDependencyConfig defines the client side TLS setting - for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - required: - - name - type: object - type: array - mountedSecrets: - description: MountedSecrets defines list of secrets reference injected - to the the underlying statefulset configuration. The secret reference - is mounted secret mounted in default path /mnt/secrets/. - The underlying resources will follow the secret as a file configuration - as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod - Change will roll the cluster - items: - description: MountedSecrets allows provides a way to inject custom - secret to underlying statefulset. - properties: - keyItems: - description: keyItems is list of key and path names - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. 
- type: string - mode: - description: 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, the volume - defaultMode will be used. This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the key - to. May not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - secretRef: - description: SecretRef defines the secret name referenced - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - type: array - name: - description: ControlCenterName name of the cluster - type: string - oneReplicaPerNode: - description: OneReplicaPerNode enforces to run 1 pod per node through - pod anti-affinity capability. Enabling this configuration in existing - cluster will roll. Change will roll the cluster - type: boolean - podTemplate: - description: PodTemplate defines some statefulset pod template configuration - properties: - affinity: - description: 'Affinity is a group of affinity scheduling rules. - More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. 
for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - matches the corresponding matchExpressions; the node(s) - with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. - The TopologySelectorTerm type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are - intersected, i.e. all terms must be satisfied. 
- items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. 
- type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the - sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. 
- type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met at - some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - description: 'Annotations defines an unstructured key value map - stored with a resource that may be set by external tools to store - and retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - envVars: - description: 'EnvVars defines the collection of EnvVar to inject - into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. 
- type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - labels: - additionalProperties: - type: string - description: 'Labels defines map of string keys and values that - can be used to organize and categorize (scope and select) objects. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - podSecurityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in - container.securityContext. 
Field values of container.securityContext - take precedence over field values of PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit - is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions - of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will - have no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for - that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to - start the container if it does. If unset or false, no such - validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. 
Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. 
If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - priorityClassName: - description: PriorityClassName defines priority class for the pod - (if any). - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - probe: - description: Probe defines some fields of standard kubernetes readiness/liveness - probe configuration. - properties: - liveness: - description: Liveness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. 
- CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - readiness: - description: Readiness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - type: object - resources: - description: ResourceRequirements describes the compute resource - requirements. 
- properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - terminationGracePeriodSeconds: - description: TerminationGracePeriodSeconds defines grace period - for pod deletion - format: int64 - type: integer - tolerations: - description: Tolerations defines The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator . - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using the - matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. 
- type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do - not evict). Zero and negative values will be treated as - 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - replicas: - description: Replicas is the desired number of replicas of the given - Template. Change will roll the cluster - format: int32 - type: integer - storageClass: - description: StorageClass defines user provided storage class reference - properties: - name: - description: Name defines name is the storage class reference name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - telemetry: - description: ConfluentTelemetry defines the confluent telemetry reporter - configuration - properties: - global: - description: Global will allow disabling telemetry configuration. - If Operator is deployed with telemetry, this field is only is - used to disabled. By default the value is true if telemetry is - enabled in global level. 
- type: boolean - type: object - tls: - description: TLS defines tls configuration for rest-endpoint - properties: - autoGeneratedCerts: - description: AutoGenerated if configures generates the certificates - based on the CA key pair provided. - type: boolean - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where keystore/truststore.jks/jksPassword.txt keys - are mounted. CP will not configure truststore.jks can be ignored - with IgnoreTrustStoreConfig field - minLength: 1 - type: string - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the truststore - configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced for - jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced for - jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for certificates - More information about certificates key/value format can be found - in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - dataVolumeCapacity - - image - - replicas - type: object - status: - description: ControlCenterStatus defines the observed state of ControlCenter - properties: - authorizationType: - type: string - clusterName: - description: ClusterName defines the name of the cluster - type: string - clusterNamespace: - description: ClusterNamespace provides the namespace where cluster is - running - type: string - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. 
- properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - controlCenterName: - type: string - currentReplicas: - description: CurrentReplicas defines current running replicas - format: int32 - type: integer - id: - format: int32 - type: integer - internalSecrets: - description: InternalSecrets defines the list of internal secrets created - by Operator for each CP component. 
- items: - type: string - type: array - internalTopicNames: - description: InternalTopicNames is a list of topics used by the component - for internal use - items: - type: string - type: array - kafka: - description: KafkaClientInfoStatus defines the kafka client side status - for all CP component - properties: - authenticationType: - description: AuthenticationType defines the authentication type - for kafka - type: string - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - type: string - tls: - description: TLS defines if tls is enabled for kafka dependency - type: boolean - type: object - operatorVersion: - description: OperatorVersion defines the internal version of operator - type: string - phase: - description: Phase defines the state of the CP component - type: string - rbac: - description: RBACInfoStatus defines RBAC related status when RBAC is - enabled - properties: - clusterId: - description: ClusterId defines the id of cluster - type: string - internalRolebindings: - description: RolebindingState defines the state of internal rolebindings - items: - type: string - type: array - type: object - readyReplicas: - description: ReadyReplicas defines current ready replicas - format: int32 - type: integer - replicas: - description: Replicas defines replicas - format: int32 - type: integer - restConfig: - description: ListenerStatus describes general information about a listeners - properties: - advertisedExternalEndpoints: - description: AdvertisedExternalEndpoints defines other advertised - endpoints, especially use for kafka - items: - type: string - type: array - authenticationType: - description: AuthenticationType defines authentication type configured - by a listener - type: string - externalEndpoint: - description: ExternalEndpoint defines the external endpoint to connect - to the service - type: string - internalEndpoint: - description: InternalEndpoint defines the internal endpoint to connect - to the service - 
type: string - tls: - description: TLS defines whether tls is configured by a listener - type: boolean - type: object - required: - - id - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_kafkarestclasses.yaml b/kustomize/base/operator/crds/platform.confluent.io_kafkarestclasses.yaml deleted file mode 100644 index 2158aca..0000000 --- a/kustomize/base/operator/crds/platform.confluent.io_kafkarestclasses.yaml +++ /dev/null 
@@ -1,361 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: kafkarestclasses.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: KafkaRestClass - listKind: KafkaRestClassList - plural: kafkarestclasses - shortNames: - - krc - - kafkarestclass - singular: kafkarestclass - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: KafkaRestClass is the Schema for the kafkarestclasses API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaRestClassSpec defines the desired state of KafkaRestClass - properties: - kafkaClusterRef: - description: KafkaClusterRef defines the name of the kafka cluster - properties: - name: - description: Name defines name of the Kafka cluster - minLength: 1 - type: string - namespace: - description: Namespace defines namespace where kafka cluster is - running - minLength: 1 - type: string - required: - - name - type: object - kafkaRest: - description: KafkaRestApiInfo defines Kafka Rest API configuration - properties: - authentication: - description: Authentication defines authentication of Kafka Rest - API - properties: - basic: - description: BasicAuthentication defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic - credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on - the server side only. Changes will be only reflected in - ControlCenter (C3). This configuration is ignored on the - client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on - the server side only. 
This configuration is ignored on - the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - bearer: - description: BearerAuthentication used by MDS clients - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - basic - - bearer - type: string - required: - - type - type: object - endpoint: - description: Endpoint defines where confluent Kafka Rest API is - running - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: TLSDependencyConfig defines the client side tls configuration - to connect to Kafka Rest API - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - secondaryKafkaClusterRef: - description: SecondaryKafkaClusterRef defines the name of the secondary - kafka cluster when using centralized RBAC - properties: - name: - description: Name defines name of the Kafka cluster - minLength: 1 - type: string - namespace: - description: Namespace defines namespace where kafka cluster is - running - minLength: 1 - type: string - required: - - name - type: object - secondaryKafkaRest: - description: SeconaryKafkaRestApiInfo defines secondary Kafka Rest API - configuration when using centralized RBAC - properties: - authentication: - description: Authentication defines authentication of Kafka Rest - API - properties: - basic: - description: BasicAuthentication defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic - credential through 
directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on - the server side only. Changes will be only reflected in - ControlCenter (C3). This configuration is ignored on the - client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on - the server side only. This configuration is ignored on - the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - bearer: - description: BearerAuthentication used by MDS clients - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - basic - - bearer - type: string - required: - - type - type: object - endpoint: - description: Endpoint defines where confluent Kafka Rest API is - running - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: TLSDependencyConfig defines the client side tls configuration - to connect to Kafka Rest API - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - type: object - status: - description: KafkaRestClassStatus defines the observed state of KafkaRestClass - properties: - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. - properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' 
- type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - endpoint: - description: Endpoint defines the kafkarest/mds endpoint - type: string - kafkaClusterId: - description: KafkaClusterId defines the cluster id of kafka cluster - If using centralized RBAC and kafkarestclass is for secondary kafka - cluster, it will be clusterId of secondary kafka cluster - type: string - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_kafkas.yaml b/kustomize/base/operator/crds/platform.confluent.io_kafkas.yaml deleted file mode 100644 index 00cfcb9..0000000 --- a/kustomize/base/operator/crds/platform.confluent.io_kafkas.yaml +++ /dev/null 
@@ -1,4981 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: kafkas.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.replicas - name: Replicas - type: string - - JSONPath: .status.readyReplicas - name: Ready - type: string - - JSONPath: .status.phase - name: Status - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - - JSONPath: .status.zookeeperConnect - name: Zookeeper - priority: 1 - type: string - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: Kafka - listKind: KafkaList - plural: kafkas - shortNames: - - kafka - - broker - singular: kafka - preserveUnknownFields: false - scope: Namespaced - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - validation: - openAPIV3Schema: - description: Kafka is the Schema for the kafkas API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaSpec defines the desired state of CP component, Kafka - Server - properties: - authorization: - description: Authorization defines authorization support - properties: - superUsers: - description: SuperUsers defines list of supers user to give admin - privilege on the Kafka Cluster This list takes the format as User: - items: - type: string - type: array - type: - enum: - - rbac - - simple - type: string - required: - - type - type: object - configOverrides: - description: ConfigurationOverrides defines capability to override server/jvm/log4j - properties for each Confluent platform component. Change will roll - the cluster - properties: - jvm: - description: JVM defines a list of jvm configuration supported by - application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported by - application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - dataVolumeCapacity: - anyOf: - - type: integer - - type: string - description: DataVolumeCapacity defines the PV capacity. 
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - dependencies: - description: Dependencies defines all the kafka dependencies like zookeeper - and centralized MDS settings - properties: - kafkaRest: - description: KafkaRestApiClientDep provides rest client auth for - MDS when RBAC is enabled - properties: - authentication: - description: Authentication defines authentication of Kafka - Rest API - properties: - bearer: - description: BearerAuthentication defines bearer authentication - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines the authentication type support - for MDS - enum: - - bearer - type: string - required: - - bearer - - type - type: object - endpoint: - description: Endpoint defines where confluent Kafka Rest API - is running - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: TLSDependencyConfig defines the client side tls - configuration to connect to Kafka Rest API - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mds: - description: KafkaPrimaryMetaDataServerDep configure a secondary - Kafka cluster managed by the MDS of the primary Kafka cluster - properties: - endpoint: - description: URLEndpoint defines the URL endpoint in format - http|s://:port - minLength: 1 - pattern: ^https?://.* - type: string - kafka: - description: KafkaClientDependency allows configuring CP component - dependency to configure kafka settings - properties: - authentication: - description: Authentication defines the authentication for - the kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's - JaaS configuration. 
- properties: - secretRef: - description: SecretRef defines secret reference - to pass required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete - JaaS configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap - endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability - to discover kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is - running Uses the same namespace where Operator is - running if not configured - type: string - secretRef: - description: SecretRef defines the name of the secret - reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side - TLS setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - tokenKeyPair: - description: MDSTokenKeyPair load either through secretRef or - directory path - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - endpoint - - kafka - - tokenKeyPair - type: object - zookeeper: - description: KafkaZookeeperDependencies - properties: - authentication: - description: KafkaClientAuthentication defines the authentication - structure for all dependent CP Component for Kafka Cluster. - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. 
- properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - discovery: - description: Discovery discover structure used by Confluent - platform (CP) - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - endpoint: - description: Endpoint defines the endpoint for service is format - endpoint:port - minLength: 1 - pattern: .+:[0-9]+ - type: string - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - type: object - image: - description: Image defines application and init docker image configuration. - Change will roll the cluster - properties: - application: - description: Application defines application docker image name - pattern: .+:.+ - type: string - init: - description: Init defines init-container name - pattern: .+:.+ - type: string - pullSecretRef: - description: 'ImagePullSecrets is a list of references to secrets - in the same namespace to use for pulling any images in pods that - reference this ServiceAccount. ImagePullSecrets are distinct from - Secrets because Secrets can be mounted in the pod, but ImagePullSecrets - are only accessed by the kubelet. 
More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' - items: - type: string - type: array - required: - - application - - init - type: object - injectAnnotations: - additionalProperties: - type: string - description: InjectAnnotations annotations are injected to all the internal - resources created by Operator. All the internal annotations is preserved - and forbidden to override. For pod annotations, use podTemplate.annotations - type: object - injectLabels: - additionalProperties: - type: string - description: InjectLabels labels are injected to all the internal resources - created by Operator. All the internal labels is preserved and forbidden - to override. For pod labels, use podTemplate.labels - type: object - k8sClusterDomain: - description: K8SClusterDomain defines configuring kubernetes cluster - domain if required. If this setting is not configured it will default - to cluster.local domain. - type: string - license: - description: License defines license configuration for Confluent platform - component - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where license key is mounted. More information about - the usage be found in Confluent Operator document. - minLength: 1 - type: string - globalLicense: - description: GlobalLicense specifies whether operator pod license - will be used for this component If enabled then Confluent platform - component shares Confluent Operator license. - type: boolean - secretRef: - description: SecretRef is secret reference which provides license - for CP component More information about the license key struct - can be found in Confluent Operator document. - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - listeners: - description: Listeners defines listeners configurations - properties: - custom: - items: - description: KafkaCustomListener ... 
- properties: - authentication: - description: KafkaZkAuthentication defines authentication - structure for Kafka/ZK cluster. - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to - pass required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - principalMappingRules: - items: - type: string - type: array - type: - description: Type defines supported kafka authentication - types - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - externalAccess: - description: KafkaExternalAccess allows to configure external - access for Kafka cluster - properties: - ingress: - description: Ingress allows to create a ingress service - Not implemented yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations - for the kubernetes service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the - user wishes to exist. - properties: - backend: - description: A default backend capable of servicing - requests that don't match any rule. At least - one of 'backend' or 'rules' must be specified. - This field is optional to allow the loadbalancer - controller or defaulting logic to specify a - global default. 
- properties: - resource: - description: Resource is an ObjectRef to another - Kubernetes resource in the namespace of - the Ingress object. If resource is specified, - serviceName and servicePort must not be - specified. - properties: - apiGroup: - description: APIGroup is the group for - the resource being referenced. If APIGroup - is not specified, the specified Kind - must be in the core API group. For any - other third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced - service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced - service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the - IngressClass cluster resource. The associated - IngressClass defines which controller will implement - the resource. This replaces the deprecated `kubernetes.io/ingress.class` - annotation. For backwards compatibility, when - that annotation is set, it must be given precedence - over this field. The controller may emit a warning - if the field and annotation have different values. - Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource - may be marked as default, which can be used - to set a default value for this field. For more - information, refer to the IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure - the Ingress. If unspecified, or no rule matches, - all traffic is sent to the default backend. - items: - description: IngressRule represents the rules - mapping the paths under a specified host to - the related backend services. 
Incoming requests - are first evaluated for a host match, then - routed to the backend associated with the - matching IngressRuleValue. - properties: - host: - description: "Host is the fully qualified - domain name of a network host, as defined - by RFC 3986. Note the following deviations - from the \"host\" part of the URI as defined - in RFC 3986: 1. IPs are not allowed. Currently - an IngressRuleValue can only apply to - \ the IP in the Spec of the parent Ingress. - 2. The `:` delimiter is not respected - because ports are not allowed. \t Currently - the port of an Ingress is implicitly :80 - for http and \t :443 for https. Both - these may change in the future. Incoming - requests are matched against the host - before the IngressRuleValue. If the host - is unspecified, the Ingress routes all - traffic based on the specified IngressRuleValue. - \n Host can be \"precise\" which is a - domain name without the terminating dot - of a network host (e.g. \"foo.bar.com\") - or \"wildcard\", which is a domain name - prefixed with a single wildcard label - (e.g. \"*.foo.com\"). The wildcard character - '*' must appear by itself as the first - DNS label and matches only a single label. - You cannot have a wildcard label by itself - (e.g. Host == \"*\"). Requests will be - matched against the Host field in the - following way: 1. If Host is precise, - the request matches this rule if the http - host header is equal to Host. 2. If Host - is a wildcard, then the request matches - this rule if the http host header is to - equal to the suffix (removing the first - label) of the wildcard rule." - type: string - http: - description: 'HTTPIngressRuleValue is a - list of http selectors pointing to backends. - In the example: http:///? - -> backend where where parts of the url - correspond to RFC 3986, this resource - will be used to match against everything - after the last ''/'' and before the first - ''?'' or ''#''.' 
- properties: - paths: - description: A collection of paths that - map requests to backends. - items: - description: HTTPIngressPath associates - a path with a backend. Incoming - urls matching the path are forwarded - to the backend. - properties: - backend: - description: Backend defines the - referenced service endpoint - to which the traffic will be - forwarded to. - properties: - resource: - description: Resource is an - ObjectRef to another Kubernetes - resource in the namespace - of the Ingress object. If - resource is specified, serviceName - and servicePort must not - be specified. - properties: - apiGroup: - description: APIGroup - is the group for the - resource being referenced. - If APIGroup is not specified, - the specified Kind must - be in the core API group. - For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the - type of resource being - referenced - type: string - name: - description: Name is the - name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the - name of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the - port of the referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against - the path of an incoming request. - Currently it can contain characters - disallowed from the conventional - "path" part of a URL as defined - by RFC 3986. Paths must begin - with a '/'. When unspecified, - all paths from incoming requests - are matched. - type: string - pathType: - description: 'PathType determines - the interpretation of the Path - matching. PathType can be one - of the following values: * Exact: - Matches the URL path exactly. - * Prefix: Matches based on a - URL path prefix split by ''/''. - Matching is done on a path - element by element basis. 
A - path element refers is the list - of labels in the path split - by the ''/'' separator. A request - is a match for path p if every - p is an element-wise prefix - of p of the request path. - Note that if the last element - of the path is a substring of - the last element in request - path, it is not a match (e.g. - /foo/bar matches /foo/bar/baz, - but does not match /foo/barbaz). - * ImplementationSpecific: Interpretation - of the Path matching is up to the - IngressClass. Implementations - can treat this as a separate - PathType or treat it identically - to Prefix or Exact path types. - Implementations are required - to support all path types. Defaults - to ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the - Ingress only supports a single TLS port, 443. - If multiple members of this list specify different - hosts, they will be multiplexed on the same - port according to the hostname specified through - the SNI TLS extension, if the ingress controller - fulfilling the ingress supports SNI. - items: - description: IngressTLS describes the transport - layer security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included - in the TLS certificate. The values in - this list must match the name/s used in - the tlsSecret. Defaults to the wildcard - host setting for the loadbalancer controller - fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the - secret used to terminate TLS traffic on - port 443. Field is left optional to allow - TLS routing based on SNI hostname alone. - If the SNI host in a listener conflicts - with the "Host" header field used by an - IngressRule, the SNI host is used for - termination and value of the Host header - is used for routing. 
- type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes - load balancer service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations - for the kubernetes service type load balancer - type: object - bootstrapPrefix: - description: BootstrapPrefix defines the prefix for - bootstrap advertised endpoint and will be added - as bootstrapPrefix.domain If not configured it will - be the cluster name of CR - minLength: 1 - type: string - brokerPrefix: - description: 'BrokerPrefix defines the prefix for - broker advertised endpoint and will be added as - brokerPrefix.domain If not configured, it will add - b as a prefix, like b#.domain where # will start - from 0 to replicas count' - minLength: 1 - type: string - domain: - description: Domain allows to configure domain name - for the cluster. - minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring - source range - items: - type: string - type: array - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on - service's port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed - names such as mycompany.com/my-custom-protocol. - Field can be enabled with ServiceAppProtocol - feature gate. - type: string - name: - description: The name of this port within the - service. 
This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which - this service is exposed when type=NodePort - or LoadBalancer. Usually assigned by the system. - If specified, it will be allocated to the - service if unused or else creation of the - service will fail. Default is to auto-allocate - a port if the ServiceType of this Service - requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. - Supports "TCP", "UDP", and "SCTP". Default - is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to - access on the pods targeted by the service. - Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. If this is a string, - it will be looked up as a named port in the - target Pod''s container ports. If this is - not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should - be omitted or set equal to the ''port'' field. 
- More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node - port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations - for the kubernetes service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port - offset to be used and will go in the increasing - order with respect to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on - service's port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed - names such as mycompany.com/my-custom-protocol. - Field can be enabled with ServiceAppProtocol - feature gate. - type: string - name: - description: The name of this port within the - service. This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which - this service is exposed when type=NodePort - or LoadBalancer. 
Usually assigned by the system. - If specified, it will be allocated to the - service if unused or else creation of the - service will fail. Default is to auto-allocate - a port if the ServiceType of this Service - requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. - Supports "TCP", "UDP", and "SCTP". Default - is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to - access on the pods targeted by the service. - Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. If this is a string, - it will be looked up as a named port in the - target Pod''s container ports. If this is - not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should - be omitted or set equal to the ''port'' field. 
- More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for - OpenShift Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations - for the OpenShift service type route - type: object - bootstrapPrefix: - description: BootstrapPrefix defines the prefix for - bootstrap advertised endpoint and will be added - as bootstrapPrefix.domain If not configured it will - be the cluster name of CR - minLength: 1 - type: string - brokerPrefix: - description: 'BrokerPrefix defines the prefix for - broker advertised endpoint and will be added as - brokerPrefix.domain If not configured, it will add - b as a prefix, like b#.domain where # will start - from 0 to replicas count' - minLength: 1 - type: string - domain: - description: Domain allows to configure domain name - for the cluster. - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. - It defaults to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - staticForHostBasedRouting: - description: StaticForHostBasedRouting allows to integrate - with external ingress controllers by doing host based - routing through SNI capability. With this schema, operator - configures kafka advertised listeners only and no kubernetes - external service will be created. 
- properties: - brokerPrefix: - description: 'BrokerPrefix defines the prefix for - broker advertised endpoint and will be added as - brokerPrefix.domain If not configured, it will add - b as a prefix, like b#.domain where # will start - from 0 to replicas count' - minLength: 1 - type: string - domain: - description: Domain allows to configure domain name - for the cluster. - minLength: 1 - type: string - port: - description: Port defines the port to be used in the - advertised listener for a broker - format: int32 - type: integer - required: - - domain - - port - type: object - staticForPortBasedRouting: - description: StaticForPortBasedRouting allows to enable - external access by port routing With this schema, operator - configures kafka advertised listeners only and no kubernetes - external service will be created. - properties: - host: - description: Host defines the host name to be used - in the advertised listener for a broker - minLength: 1 - type: string - portOffset: - description: PortOffset defines the portOffset to - be used and will go in the increasing order with - respect to the replicas count - format: int32 - type: integer - required: - - host - - portOffset - type: object - type: - description: Type defines supported kubernetes external - services - enum: - - loadBalancer - - nodePort - - route - - staticForPortBasedRouting - - staticForHostBasedRouting - type: string - required: - - type - type: object - name: - description: Name defines the name of the custom listener - internal/external/token can't be used as they are reserved - by the Operator - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - port: - description: Port will bind given port to the custom listener. - Port < 9093 is reserved by the Operator - format: int32 - minimum: 9093 - type: integer - tls: - description: ClientTLSConfig defines TLS configuration for - CP component (dependencies, listeners). 
- properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - required: - - name - - port - type: object - type: array - external: - description: KafkaExternalAccessListener is the kafka specific external - listener - properties: - authentication: - description: KafkaZkAuthentication defines authentication structure - for Kafka/ZK cluster. - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. 
- properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - principalMappingRules: - items: - type: string - type: array - type: - description: Type defines supported kafka authentication - types - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - externalAccess: - description: KafkaExternalAccess allows to configure external - access for Kafka cluster - properties: - ingress: - description: Ingress allows to create a ingress service - Not implemented yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user - wishes to exist. - properties: - backend: - description: A default backend capable of servicing - requests that don't match any rule. At least one - of 'backend' or 'rules' must be specified. This - field is optional to allow the loadbalancer controller - or defaulting logic to specify a global default. - properties: - resource: - description: Resource is an ObjectRef to another - Kubernetes resource in the namespace of the - Ingress object. If resource is specified, - serviceName and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the - resource being referenced. 
If APIGroup - is not specified, the specified Kind must - be in the core API group. For any other - third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced - service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced - service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the - IngressClass cluster resource. The associated - IngressClass defines which controller will implement - the resource. This replaces the deprecated `kubernetes.io/ingress.class` - annotation. For backwards compatibility, when - that annotation is set, it must be given precedence - over this field. The controller may emit a warning - if the field and annotation have different values. - Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource - may be marked as default, which can be used to - set a default value for this field. For more information, - refer to the IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure - the Ingress. If unspecified, or no rule matches, - all traffic is sent to the default backend. - items: - description: IngressRule represents the rules - mapping the paths under a specified host to - the related backend services. Incoming requests - are first evaluated for a host match, then routed - to the backend associated with the matching - IngressRuleValue. - properties: - host: - description: "Host is the fully qualified - domain name of a network host, as defined - by RFC 3986. 
Note the following deviations - from the \"host\" part of the URI as defined - in RFC 3986: 1. IPs are not allowed. Currently - an IngressRuleValue can only apply to the - IP in the Spec of the parent Ingress. 2. - The `:` delimiter is not respected because - ports are not allowed. \t Currently the - port of an Ingress is implicitly :80 for - http and \t :443 for https. Both these - may change in the future. Incoming requests - are matched against the host before the - IngressRuleValue. If the host is unspecified, - the Ingress routes all traffic based on - the specified IngressRuleValue. \n Host - can be \"precise\" which is a domain name - without the terminating dot of a network - host (e.g. \"foo.bar.com\") or \"wildcard\", - which is a domain name prefixed with a single - wildcard label (e.g. \"*.foo.com\"). The - wildcard character '*' must appear by itself - as the first DNS label and matches only - a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests - will be matched against the Host field in - the following way: 1. If Host is precise, - the request matches this rule if the http - host header is equal to Host. 2. If Host - is a wildcard, then the request matches - this rule if the http host header is to - equal to the suffix (removing the first - label) of the wildcard rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list - of http selectors pointing to backends. - In the example: http:///? - -> backend where where parts of the url - correspond to RFC 3986, this resource will - be used to match against everything after - the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that - map requests to backends. - items: - description: HTTPIngressPath associates - a path with a backend. Incoming urls - matching the path are forwarded to - the backend. 
- properties: - backend: - description: Backend defines the - referenced service endpoint to - which the traffic will be forwarded - to. - properties: - resource: - description: Resource is an - ObjectRef to another Kubernetes - resource in the namespace - of the Ingress object. If - resource is specified, serviceName - and servicePort must not be - specified. - properties: - apiGroup: - description: APIGroup is - the group for the resource - being referenced. If APIGroup - is not specified, the - specified Kind must be - in the core API group. - For any other third-party - types, APIGroup is required. - type: string - kind: - description: Kind is the - type of resource being - referenced - type: string - name: - description: Name is the - name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name - of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port - of the referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against - the path of an incoming request. - Currently it can contain characters - disallowed from the conventional - "path" part of a URL as defined - by RFC 3986. Paths must begin - with a '/'. When unspecified, - all paths from incoming requests - are matched. - type: string - pathType: - description: 'PathType determines - the interpretation of the Path - matching. PathType can be one - of the following values: * Exact: - Matches the URL path exactly. - * Prefix: Matches based on a URL - path prefix split by ''/''. Matching - is done on a path element by - element basis. A path element - refers is the list of labels - in the path split by the ''/'' - separator. A request is a match - for path p if every p is an element-wise - prefix of p of the request path. 
- Note that if the last element - of the path is a substring of - the last element in request path, - it is not a match (e.g. /foo/bar matches - /foo/bar/baz, but does not match - /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching - is up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix - or Exact path types. Implementations - are required to support all path - types. Defaults to ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the Ingress - only supports a single TLS port, 443. If multiple - members of this list specify different hosts, - they will be multiplexed on the same port according - to the hostname specified through the SNI TLS - extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport - layer security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included - in the TLS certificate. The values in this - list must match the name/s used in the tlsSecret. - Defaults to the wildcard host setting for - the loadbalancer controller fulfilling this - Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the - secret used to terminate TLS traffic on - port 443. Field is left optional to allow - TLS routing based on SNI hostname alone. - If the SNI host in a listener conflicts - with the "Host" header field used by an - IngressRule, the SNI host is used for termination - and value of the Host header is used for - routing. 
- type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes - load balancer service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type load balancer - type: object - bootstrapPrefix: - description: BootstrapPrefix defines the prefix for - bootstrap advertised endpoint and will be added as - bootstrapPrefix.domain If not configured it will be - the cluster name of CR - minLength: 1 - type: string - brokerPrefix: - description: 'BrokerPrefix defines the prefix for broker - advertised endpoint and will be added as brokerPrefix.domain - If not configured, it will add b as a prefix, like - b#.domain where # will start from 0 to replicas count' - minLength: 1 - type: string - domain: - description: Domain allows to configure domain name - for the cluster. - minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring - source range - items: - type: string - type: array - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. Field - can be enabled with ServiceAppProtocol feature - gate. - type: string - name: - description: The name of this port within the - service. 
This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. - Usually assigned by the system. If specified, - it will be allocated to the service if unused - or else creation of the service will fail. Default - is to auto-allocate a port if the ServiceType - of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number - must be in the range 1 to 65535. Name must be - an IANA_SVC_NAME. If this is a string, it will - be looked up as a named port in the target Pod''s - container ports. If this is not specified, the - value of the ''port'' field is used (an identity - map). This field is ignored for services with - clusterIP=None, and should be omitted or set - equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node - port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port - offset to be used and will go in the increasing order - with respect to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. Field - can be enabled with ServiceAppProtocol feature - gate. - type: string - name: - description: The name of this port within the - service. This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. 
- Usually assigned by the system. If specified, - it will be allocated to the service if unused - or else creation of the service will fail. Default - is to auto-allocate a port if the ServiceType - of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number - must be in the range 1 to 65535. Name must be - an IANA_SVC_NAME. If this is a string, it will - be looked up as a named port in the target Pod''s - container ports. If this is not specified, the - value of the ''port'' field is used (an identity - map). This field is ignored for services with - clusterIP=None, and should be omitted or set - equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for - OpenShift Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the OpenShift service type route - type: object - bootstrapPrefix: - description: BootstrapPrefix defines the prefix for - bootstrap advertised endpoint and will be added as - bootstrapPrefix.domain If not configured it will be - the cluster name of CR - minLength: 1 - type: string - brokerPrefix: - description: 'BrokerPrefix defines the prefix for broker - advertised endpoint and will be added as brokerPrefix.domain - If not configured, it will add b as a prefix, like - b#.domain where # will start from 0 to replicas count' - minLength: 1 - type: string - domain: - description: Domain allows to configure domain name - for the cluster. - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. - It defaults to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - staticForHostBasedRouting: - description: StaticForHostBasedRouting allows to integrate - with external ingress controllers by doing host based - routing through SNI capability. With this schema, operator - configures kafka advertised listeners only and no kubernetes - external service will be created. 
- properties: - brokerPrefix: - description: 'BrokerPrefix defines the prefix for broker - advertised endpoint and will be added as brokerPrefix.domain - If not configured, it will add b as a prefix, like - b#.domain where # will start from 0 to replicas count' - minLength: 1 - type: string - domain: - description: Domain allows to configure domain name - for the cluster. - minLength: 1 - type: string - port: - description: Port defines the port to be used in the - advertised listener for a broker - format: int32 - type: integer - required: - - domain - - port - type: object - staticForPortBasedRouting: - description: StaticForPortBasedRouting allows to enable - external access by port routing With this schema, operator - configures kafka advertised listeners only and no kubernetes - external service will be created. - properties: - host: - description: Host defines the host name to be used in - the advertised listener for a broker - minLength: 1 - type: string - portOffset: - description: PortOffset defines the portOffset to be - used and will go in the increasing order with respect - to the replicas count - format: int32 - type: integer - required: - - host - - portOffset - type: object - type: - description: Type defines supported kubernetes external - services - enum: - - loadBalancer - - nodePort - - route - - staticForPortBasedRouting - - staticForHostBasedRouting - type: string - required: - - type - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - internal: - description: Listener is the base fields for component listener - configuration - properties: - authentication: - description: KafkaZkAuthentication defines authentication structure - for Kafka/ZK cluster. - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - principalMappingRules: - items: - type: string - type: array - type: - description: Type defines supported kafka authentication - types - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - type: object - 
metricReporter: - description: MetricsReporter defines the metric reporter configuration - which will be enabled by default, and piggyback internal listener's - authentication and TLS if it is not set - properties: - authentication: - description: KafkaClientAuthentication defines the authentication - structure for all dependent CP Component for Kafka Cluster. - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - type: string - enabled: - type: boolean - replicationFactor: - format: int32 - type: integer - tls: - description: ClientTLSConfig defines TLS configuration for CP component - (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - required: - - enabled - type: object - metrics: - description: Metrics specifies the security settings for metric services - properties: - authentication: - description: Metrics security authentication - properties: - type: - enum: - - mtls - type: string - required: - - type - type: object - prometheus: - description: Override for jmx-prometheus exporter configs - properties: - blacklist: - items: - type: string - type: array - rules: - items: - description: Prometheus exporter rule override - properties: - attrNameSnakeCase: - minLength: 1 - type: string - cache: - minLength: 1 - type: string - help: - minLength: 1 - type: string - labels: - additionalProperties: - type: string - type: object - name: - minLength: 1 - type: string - pattern: - minLength: 1 - type: string - type: - minLength: 1 - type: string - value: - minLength: 1 - type: string - valueFactor: - 
minLength: 1 - type: string - type: object - type: array - whitelist: - items: - type: string - type: array - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP component - (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mountedSecrets: - description: MountedSecrets defines list of secrets reference injected - to the the underlying statefulset configuration. The secret reference - is mounted secret mounted in default path /mnt/secrets/. 
- The underlying resources will follow the secret as a file configuration - as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod - Change will roll the cluster - items: - description: MountedSecrets allows provides a way to inject custom - secret to underlying statefulset. - properties: - keyItems: - description: keyItems is list of key and path names - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, the volume - defaultMode will be used. This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the key - to. May not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - secretRef: - description: SecretRef defines the secret name referenced - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - type: array - oneReplicaPerNode: - description: OneReplicaPerNode enforces to run 1 pod per node through - pod anti-affinity capability. Enabling this configuration in existing - cluster will roll. Change will roll the cluster - type: boolean - podTemplate: - description: PodTemplate defines some statefulset pod template configuration - properties: - affinity: - description: 'Affinity is a group of affinity scheduling rules. - More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - matches the corresponding matchExpressions; the node(s) - with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. 
- The TopologySelectorTerm type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. 
- type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. 
due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are - intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. 
- type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the - sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. 
- type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met at - some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - description: 'Annotations defines an unstructured key value map - stored with a resource that may be set by external tools to store - and retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - envVars: - description: 'EnvVars defines the collection of EnvVar to inject - into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. 
- type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - labels: - additionalProperties: - type: string - description: 'Labels defines map of string keys and values that - can be used to organize and categorize (scope and select) objects. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - podSecurityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in - container.securityContext. 
Field values of container.securityContext - take precedence over field values of PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit - is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions - of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will - have no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for - that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to - start the container if it does. If unset or false, no such - validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. 
Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. 
If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - priorityClassName: - description: PriorityClassName defines priority class for the pod - (if any). - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - probe: - description: Probe defines some fields of standard kubernetes readiness/liveness - probe configuration. - properties: - liveness: - description: Liveness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. 
- CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - readiness: - description: Readiness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - type: object - resources: - description: ResourceRequirements describes the compute resource - requirements. 
- properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - terminationGracePeriodSeconds: - description: TerminationGracePeriodSeconds defines grace period - for pod deletion - format: int64 - type: integer - tolerations: - description: Tolerations defines The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator . - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using the - matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. 
- type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do - not evict). Zero and negative values will be treated as - 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - rackAssignment: - description: RackAssignment defines the rack awareness capability for - kafka - properties: - availabilityZoneCount: - description: AvailabilityZoneCount if configured will configure - broker.rack with formula (pod_id % azCount) this is mainly for - backwards compatibility with Operator 1.0 - format: int32 - type: integer - nodeLabels: - description: NodeLabels if configured uses the kubernetes node APIs - to to retrieve the value to be used in the broker.rack. This feature - requires Confluent Operaotr to run in cluster-level access - items: - type: string - minItems: 1 - type: array - type: object - replicas: - description: Replicas is the desired number of replicas of the given - Template. 
Change will roll the cluster - format: int32 - type: integer - services: - description: KafkaServices defines services supported part of kafka - properties: - kafkaRest: - description: RestApiServer embedded rest api server - properties: - externalAccess: - description: CPExternalAccess holds all external access policies - for non-kafka components - properties: - ingress: - description: Ingress allows to create a ingress service - Not implemented yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user - wishes to exist. - properties: - backend: - description: A default backend capable of servicing - requests that don't match any rule. At least one - of 'backend' or 'rules' must be specified. This - field is optional to allow the loadbalancer controller - or defaulting logic to specify a global default. - properties: - resource: - description: Resource is an ObjectRef to another - Kubernetes resource in the namespace of the - Ingress object. If resource is specified, - serviceName and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the - resource being referenced. If APIGroup - is not specified, the specified Kind must - be in the core API group. For any other - third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced - service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced - service. 
- x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the - IngressClass cluster resource. The associated - IngressClass defines which controller will implement - the resource. This replaces the deprecated `kubernetes.io/ingress.class` - annotation. For backwards compatibility, when - that annotation is set, it must be given precedence - over this field. The controller may emit a warning - if the field and annotation have different values. - Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource - may be marked as default, which can be used to - set a default value for this field. For more information, - refer to the IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure - the Ingress. If unspecified, or no rule matches, - all traffic is sent to the default backend. - items: - description: IngressRule represents the rules - mapping the paths under a specified host to - the related backend services. Incoming requests - are first evaluated for a host match, then routed - to the backend associated with the matching - IngressRuleValue. - properties: - host: - description: "Host is the fully qualified - domain name of a network host, as defined - by RFC 3986. Note the following deviations - from the \"host\" part of the URI as defined - in RFC 3986: 1. IPs are not allowed. Currently - an IngressRuleValue can only apply to the - IP in the Spec of the parent Ingress. 2. - The `:` delimiter is not respected because - ports are not allowed. \t Currently the - port of an Ingress is implicitly :80 for - http and \t :443 for https. Both these - may change in the future. Incoming requests - are matched against the host before the - IngressRuleValue. If the host is unspecified, - the Ingress routes all traffic based on - the specified IngressRuleValue. 
\n Host - can be \"precise\" which is a domain name - without the terminating dot of a network - host (e.g. \"foo.bar.com\") or \"wildcard\", - which is a domain name prefixed with a single - wildcard label (e.g. \"*.foo.com\"). The - wildcard character '*' must appear by itself - as the first DNS label and matches only - a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests - will be matched against the Host field in - the following way: 1. If Host is precise, - the request matches this rule if the http - host header is equal to Host. 2. If Host - is a wildcard, then the request matches - this rule if the http host header is to - equal to the suffix (removing the first - label) of the wildcard rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list - of http selectors pointing to backends. - In the example: http:///? - -> backend where where parts of the url - correspond to RFC 3986, this resource will - be used to match against everything after - the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that - map requests to backends. - items: - description: HTTPIngressPath associates - a path with a backend. Incoming urls - matching the path are forwarded to - the backend. - properties: - backend: - description: Backend defines the - referenced service endpoint to - which the traffic will be forwarded - to. - properties: - resource: - description: Resource is an - ObjectRef to another Kubernetes - resource in the namespace - of the Ingress object. If - resource is specified, serviceName - and servicePort must not be - specified. - properties: - apiGroup: - description: APIGroup is - the group for the resource - being referenced. If APIGroup - is not specified, the - specified Kind must be - in the core API group. - For any other third-party - types, APIGroup is required. 
- type: string - kind: - description: Kind is the - type of resource being - referenced - type: string - name: - description: Name is the - name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name - of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port - of the referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against - the path of an incoming request. - Currently it can contain characters - disallowed from the conventional - "path" part of a URL as defined - by RFC 3986. Paths must begin - with a '/'. When unspecified, - all paths from incoming requests - are matched. - type: string - pathType: - description: 'PathType determines - the interpretation of the Path - matching. PathType can be one - of the following values: * Exact: - Matches the URL path exactly. - * Prefix: Matches based on a URL - path prefix split by ''/''. Matching - is done on a path element by - element basis. A path element - refers is the list of labels - in the path split by the ''/'' - separator. A request is a match - for path p if every p is an element-wise - prefix of p of the request path. - Note that if the last element - of the path is a substring of - the last element in request path, - it is not a match (e.g. /foo/bar matches - /foo/bar/baz, but does not match - /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching - is up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix - or Exact path types. Implementations - are required to support all path - types. Defaults to ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. 
Currently the Ingress - only supports a single TLS port, 443. If multiple - members of this list specify different hosts, - they will be multiplexed on the same port according - to the hostname specified through the SNI TLS - extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport - layer security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included - in the TLS certificate. The values in this - list must match the name/s used in the tlsSecret. - Defaults to the wildcard host setting for - the loadbalancer controller fulfilling this - Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the - secret used to terminate TLS traffic on - port 443. Field is left optional to allow - TLS routing based on SNI hostname alone. - If the SNI host in a listener conflicts - with the "Host" header field used by an - IngressRule, the SNI host is used for termination - and value of the Host header is used for - routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes - load balancer service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type load balancer - type: object - domain: - description: Domain allows to configure domain name - for the cluster. 
- minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring - source range - items: - type: string - type: array - port: - description: Port allows to configure external port - for client consumption If not configured, same internal/external - port will be configured per component Information - about the port can be retrieved through status API - format: int32 - type: integer - prefix: - description: Prefix will add prefix when configured - for the given domain If prefix is not configured, - the name of the cluster will be used as a default - value - minLength: 1 - type: string - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. Field - can be enabled with ServiceAppProtocol feature - gate. - type: string - name: - description: The name of this port within the - service. This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. - Usually assigned by the system. 
If specified, - it will be allocated to the service if unused - or else creation of the service will fail. Default - is to auto-allocate a port if the ServiceType - of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number - must be in the range 1 to 65535. Name must be - an IANA_SVC_NAME. If this is a string, it will - be looked up as a named port in the target Pod''s - container ports. If this is not specified, the - value of the ''port'' field is used (an identity - map). This field is ignored for services with - clusterIP=None, and should be omitted or set - equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node - port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port - offset to be used and will go in the increasing order - with respect to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. Field - can be enabled with ServiceAppProtocol feature - gate. - type: string - name: - description: The name of this port within the - service. This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. 
- Usually assigned by the system. If specified, - it will be allocated to the service if unused - or else creation of the service will fail. Default - is to auto-allocate a port if the ServiceType - of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number - must be in the range 1 to 65535. Name must be - an IANA_SVC_NAME. If this is a string, it will - be looked up as a named port in the target Pod''s - container ports. If this is not specified, the - value of the ''port'' field is used (an identity - map). This field is ignored for services with - clusterIP=None, and should be omitted or set - equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for - OpenShift Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the OpenShift service type route - type: object - domain: - description: Domain allows to configure domain name - for the cluster. 
- minLength: 1 - type: string - prefix: - description: Prefix will add prefix when configured - for the given domain If prefix is not configured, - the name of the cluster will be used as a default - value - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. - It defaults to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - type: - description: Type defines supported kubernetes external - services - enum: - - loadBalancer - - nodePort - - route - minLength: 1 - type: string - required: - - type - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: 
string - required: - - enabled - type: object - type: object - mds: - description: MetaDataServer - properties: - authentication: - description: MDSAuthentication supported MDS server configuration - properties: - type: - enum: - - bearer - type: string - required: - - type - type: object - externalAccess: - description: CPExternalAccess holds all external access policies - for non-kafka components - properties: - ingress: - description: Ingress allows to create a ingress service - Not implemented yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user - wishes to exist. - properties: - backend: - description: A default backend capable of servicing - requests that don't match any rule. At least one - of 'backend' or 'rules' must be specified. This - field is optional to allow the loadbalancer controller - or defaulting logic to specify a global default. - properties: - resource: - description: Resource is an ObjectRef to another - Kubernetes resource in the namespace of the - Ingress object. If resource is specified, - serviceName and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the - resource being referenced. If APIGroup - is not specified, the specified Kind must - be in the core API group. For any other - third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced - service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced - service. 
- x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the - IngressClass cluster resource. The associated - IngressClass defines which controller will implement - the resource. This replaces the deprecated `kubernetes.io/ingress.class` - annotation. For backwards compatibility, when - that annotation is set, it must be given precedence - over this field. The controller may emit a warning - if the field and annotation have different values. - Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource - may be marked as default, which can be used to - set a default value for this field. For more information, - refer to the IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure - the Ingress. If unspecified, or no rule matches, - all traffic is sent to the default backend. - items: - description: IngressRule represents the rules - mapping the paths under a specified host to - the related backend services. Incoming requests - are first evaluated for a host match, then routed - to the backend associated with the matching - IngressRuleValue. - properties: - host: - description: "Host is the fully qualified - domain name of a network host, as defined - by RFC 3986. Note the following deviations - from the \"host\" part of the URI as defined - in RFC 3986: 1. IPs are not allowed. Currently - an IngressRuleValue can only apply to the - IP in the Spec of the parent Ingress. 2. - The `:` delimiter is not respected because - ports are not allowed. \t Currently the - port of an Ingress is implicitly :80 for - http and \t :443 for https. Both these - may change in the future. Incoming requests - are matched against the host before the - IngressRuleValue. If the host is unspecified, - the Ingress routes all traffic based on - the specified IngressRuleValue. 
\n Host - can be \"precise\" which is a domain name - without the terminating dot of a network - host (e.g. \"foo.bar.com\") or \"wildcard\", - which is a domain name prefixed with a single - wildcard label (e.g. \"*.foo.com\"). The - wildcard character '*' must appear by itself - as the first DNS label and matches only - a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests - will be matched against the Host field in - the following way: 1. If Host is precise, - the request matches this rule if the http - host header is equal to Host. 2. If Host - is a wildcard, then the request matches - this rule if the http host header is to - equal to the suffix (removing the first - label) of the wildcard rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list - of http selectors pointing to backends. - In the example: http:///? - -> backend where where parts of the url - correspond to RFC 3986, this resource will - be used to match against everything after - the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that - map requests to backends. - items: - description: HTTPIngressPath associates - a path with a backend. Incoming urls - matching the path are forwarded to - the backend. - properties: - backend: - description: Backend defines the - referenced service endpoint to - which the traffic will be forwarded - to. - properties: - resource: - description: Resource is an - ObjectRef to another Kubernetes - resource in the namespace - of the Ingress object. If - resource is specified, serviceName - and servicePort must not be - specified. - properties: - apiGroup: - description: APIGroup is - the group for the resource - being referenced. If APIGroup - is not specified, the - specified Kind must be - in the core API group. - For any other third-party - types, APIGroup is required. 
- type: string - kind: - description: Kind is the - type of resource being - referenced - type: string - name: - description: Name is the - name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name - of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port - of the referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against - the path of an incoming request. - Currently it can contain characters - disallowed from the conventional - "path" part of a URL as defined - by RFC 3986. Paths must begin - with a '/'. When unspecified, - all paths from incoming requests - are matched. - type: string - pathType: - description: 'PathType determines - the interpretation of the Path - matching. PathType can be one - of the following values: * Exact: - Matches the URL path exactly. - * Prefix: Matches based on a URL - path prefix split by ''/''. Matching - is done on a path element by - element basis. A path element - refers is the list of labels - in the path split by the ''/'' - separator. A request is a match - for path p if every p is an element-wise - prefix of p of the request path. - Note that if the last element - of the path is a substring of - the last element in request path, - it is not a match (e.g. /foo/bar matches - /foo/bar/baz, but does not match - /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching - is up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix - or Exact path types. Implementations - are required to support all path - types. Defaults to ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. 
Currently the Ingress - only supports a single TLS port, 443. If multiple - members of this list specify different hosts, - they will be multiplexed on the same port according - to the hostname specified through the SNI TLS - extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport - layer security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included - in the TLS certificate. The values in this - list must match the name/s used in the tlsSecret. - Defaults to the wildcard host setting for - the loadbalancer controller fulfilling this - Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the - secret used to terminate TLS traffic on - port 443. Field is left optional to allow - TLS routing based on SNI hostname alone. - If the SNI host in a listener conflicts - with the "Host" header field used by an - IngressRule, the SNI host is used for termination - and value of the Host header is used for - routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes - load balancer service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type load balancer - type: object - domain: - description: Domain allows to configure domain name - for the cluster. 
- minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring - source range - items: - type: string - type: array - port: - description: Port allows to configure external port - for client consumption If not configured, same internal/external - port will be configured per component Information - about the port can be retrieved through status API - format: int32 - type: integer - prefix: - description: Prefix will add prefix when configured - for the given domain If prefix is not configured, - the name of the cluster will be used as a default - value - minLength: 1 - type: string - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. Field - can be enabled with ServiceAppProtocol feature - gate. - type: string - name: - description: The name of this port within the - service. This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. - Usually assigned by the system. 
If specified, - it will be allocated to the service if unused - or else creation of the service will fail. Default - is to auto-allocate a port if the ServiceType - of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number - must be in the range 1 to 65535. Name must be - an IANA_SVC_NAME. If this is a string, it will - be looked up as a named port in the target Pod''s - container ports. If this is not specified, the - value of the ''port'' field is used (an identity - map). This field is ignored for services with - clusterIP=None, and should be omitted or set - equal to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node - port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the kubernetes service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure - Service External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port - offset to be used and will go in the increasing order - with respect to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided - service port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. Field - can be enabled with ServiceAppProtocol feature - gate. - type: string - name: - description: The name of this port within the - service. This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type=NodePort or LoadBalancer. 
- Usually assigned by the system. If specified, - it will be allocated to the service if unused - or else creation of the service will fail. Default - is to auto-allocate a port if the ServiceType - of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number - must be in the range 1 to 65535. Name must be - an IANA_SVC_NAME. If this is a string, it will - be looked up as a named port in the target Pod''s - container ports. If this is not specified, the - value of the ''port'' field is used (an identity - map). This field is ignored for services with - clusterIP=None, and should be omitted or set - equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for - OpenShift Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for - the OpenShift service type route - type: object - domain: - description: Domain allows to configure domain name - for the cluster. 
- minLength: 1 - type: string - prefix: - description: Prefix will add prefix when configured - for the given domain If prefix is not configured, - the name of the cluster will be used as a default - value - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. - It defaults to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - type: - description: Type defines supported kubernetes external - services - enum: - - loadBalancer - - nodePort - - route - minLength: 1 - type: string - required: - - type - type: object - provider: - properties: - ldap: - description: LdapService LDAP configuration for RBAC - properties: - address: - type: string - authentication: - description: LdapAuthentication supported ldap configuration - for RBAC - properties: - simple: - description: LdapSimpleAuthentication load credential - either for secret or directory path in container - for RBAC - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - simple - - mtls - type: string - required: - - type - type: object - configurations: - description: LdapSettings ldap configurations for CP - RBAC. 
Anything missing can be passed through configOverride - capability - properties: - groupMemberAttribute: - minLength: 1 - type: string - groupMemberAttributePattern: - minLength: 1 - type: string - groupNameAttribute: - minLength: 1 - type: string - groupObjectClass: - minLength: 1 - type: string - groupSearchBase: - minLength: 1 - type: string - groupSearchFilter: - minLength: 1 - type: string - groupSearchScope: - format: int32 - type: integer - userMemberOfAttributePattern: - minLength: 1 - type: string - userNameAttribute: - minLength: 1 - type: string - userObjectClass: - minLength: 1 - type: string - userSearchBase: - minLength: 1 - type: string - userSearchFilter: - minLength: 1 - type: string - userSearchScope: - format: int32 - type: integer - type: object - tls: - description: ClientTLSConfig defines TLS configuration - for CP component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the - directory path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration - for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure - ignores the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name - referenced for jks password - properties: - secretRef: - description: SecretRef defines the secret name - referenced for jks password More information - about jks password key/value format can be - found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - required: - - address - - authentication - - configurations - type: object - type: - enum: - - ldap - type: string - required: - - ldap - - type - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP - component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - tokenKeyPair: - description: MDSTokenKeyPair load either through secretRef or - directory path - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - provider - - tokenKeyPair - type: object - type: object - storageClass: - description: StorageClass defines the user provided storage class. If - not configured, it will use default storage class. 
- properties: - name: - description: Name defines name is the storage class reference name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - telemetry: - description: ConfluentTelemetry defines the confluent telemetry reporter - configuration - properties: - global: - description: Global will allow disabling telemetry configuration. - If Operator is deployed with telemetry, this field is only is - used to disabled. By default the value is true if telemetry is - enabled in global level. - type: boolean - type: object - tls: - description: TLS defines the global level TLS configuration which can - be used by listeners and services if they all want to share same certificate. - properties: - autoGeneratedCerts: - description: AutoGenerated if configures generates the certificates - based on the CA key pair provided. - type: boolean - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where keystore/truststore.jks/jksPassword.txt keys - are mounted. 
CP will not configure truststore.jks can be ignored - with IgnoreTrustStoreConfig field - minLength: 1 - type: string - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the truststore - configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced for - jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced for - jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for certificates - More information about certificates key/value format can be found - in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - dataVolumeCapacity - - image - - replicas - type: object - status: - description: KafkaStatus defines the observed state of KafkaServer - properties: - authorizationType: - type: string - brokerIdOffset: - format: int32 - type: integer - clusterName: - description: ClusterName defines the name of the cluster - type: string - clusterNamespace: - description: ClusterNamespace provides the namespace where cluster is - running - type: string - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. - properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. 
- format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - currentReplicas: - description: CurrentReplicas defines current running replicas - format: int32 - type: integer - externalClient: - type: string - internalSecrets: - description: InternalSecrets defines the list of internal secrets created - by Operator for each CP component. - items: - type: string - type: array - internalTopicNames: - description: InternalTopicNames is a list of topics used by the component - for internal use - items: - type: string - type: array - listeners: - additionalProperties: - properties: - advertisedExternalEndpoints: - description: AdvertisedExternalEndpoints defines other advertised - endpoints, especially use for kafka - items: - type: string - type: array - authenticationType: - description: AuthenticationType defines authentication type configured - by a listener - type: string - client: - type: string - externalEndpoint: - description: ExternalEndpoint defines the external endpoint to - connect to the service - type: string - internalEndpoint: - description: InternalEndpoint defines the internal endpoint to - connect to the service - type: string - tls: - description: TLS defines whether tls is configured by a listener - type: boolean - type: object - type: object - minISR: - format: int32 - type: integer - operatorVersion: - description: OperatorVersion defines the internal version of operator - type: string - phase: - description: Phase defines the state of the CP component - type: string - readyReplicas: - description: ReadyReplicas defines current ready 
replicas - format: int32 - type: integer - replicas: - description: Replicas defines replicas - format: int32 - type: integer - replicationFactor: - format: int32 - type: integer - services: - additionalProperties: - description: ListenerStatus describes general information about a - listeners - properties: - advertisedExternalEndpoints: - description: AdvertisedExternalEndpoints defines other advertised - endpoints, especially use for kafka - items: - type: string - type: array - authenticationType: - description: AuthenticationType defines authentication type configured - by a listener - type: string - externalEndpoint: - description: ExternalEndpoint defines the external endpoint to - connect to the service - type: string - internalEndpoint: - description: InternalEndpoint defines the internal endpoint to - connect to the service - type: string - tls: - description: TLS defines whether tls is configured by a listener - type: boolean - type: object - type: object - zookeeperConnect: - type: string - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_kafkatopics.yaml b/kustomize/base/operator/crds/platform.confluent.io_kafkatopics.yaml deleted file mode 100644 index e6afabd..0000000 --- a/kustomize/base/operator/crds/platform.confluent.io_kafkatopics.yaml +++ /dev/null 
@@ -1,287 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: kafkatopics.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.replicas - name: Replicas - type: string - - JSONPath: .status.partitionCount - name: Partition - type: string - - JSONPath: .status.state - name: Status - type: string - - JSONPath: .status.kafkaClusterId - name: ClusterId - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: KafkaTopic - listKind: KafkaTopicList - plural: kafkatopics - shortNames: - - kt - - topic - singular: kafkatopic - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: KafkaTopic is the Schema for the kafkatopics API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaTopicSpec defines the desired state of KafkaTopic - properties: - configs: - additionalProperties: - type: string - description: Configs allows passing configs for topic More information - about topic configs is available here https://docs.confluent.io/current/installation/configuration/topic-configs.html - type: object - kafkaClusterRef: - description: KafkaClusterRef defines the name of the kafka cluster - properties: - name: - description: Name defines name of the Kafka cluster - minLength: 1 - type: string - namespace: - description: Namespace defines namespace where kafka cluster is - running - minLength: 1 - type: string - required: - - name - type: object - kafkaRest: - description: KafkaRestRef defines the Kafka Rest API configuration - properties: - authentication: - description: Authentication defines authentication of Kafka Rest - API - properties: - basic: - description: BasicAuthentication defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic - credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on - the server side only. Changes will be only reflected in - ControlCenter (C3). This configuration is ignored on the - client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on - the server side only. 
This configuration is ignored on - the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - bearer: - description: BearerAuthentication used by MDS clients - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - basic - - bearer - type: string - required: - - type - type: object - endpoint: - description: Endpoint defines where confluent Kafka Rest API is - running - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: TLSDependencyConfig defines the client side tls configuration - to connect to Kafka Rest API - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - kafkaRestClassRef: - description: KafkaRestClassRef defines the reference for KafkaRestClass - which defines Kafka Rest API - properties: - name: - description: Name defines the name of KafkaRestClass - minLength: 1 - type: string - namespace: - description: Namespace defines the namespace of the KafkaRestClass - type: string - required: - - name - type: object - name: - description: Name defines the topic name. If not configured uses the - CR name as topic name. 
- maxLength: 255 - minLength: 1 - pattern: ^[a-zA-Z0-9\._\-]*$ - type: string - partitionCount: - description: PartitionCount defines the partition count - format: int32 - minimum: 1 - type: integer - replicas: - description: Replicas defines the replication factor for a topic - format: int32 - minimum: 1 - type: integer - type: object - status: - description: KafkaTopicStatus defines the observed state of KafkaTopic - properties: - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. - properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - kafkaClusterId: - type: string - kafkaRestEndpoint: - type: string - partitionCount: - format: int32 - type: integer - replicas: - format: int32 - type: integer - state: - type: string - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_ksqldbs.yaml b/kustomize/base/operator/crds/platform.confluent.io_ksqldbs.yaml deleted file mode 100644 index 5f99859..0000000 
--- a/kustomize/base/operator/crds/platform.confluent.io_ksqldbs.yaml +++ /dev/null 
@@ -1,2719 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: ksqldbs.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.replicas - name: Replicas - type: string - - JSONPath: .status.readyReplicas - name: Ready - type: string - - JSONPath: .status.phase - name: Status - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - - JSONPath: .status.kafka.bootstrapEndpoint - name: Kafka - priority: 1 - type: string - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: KsqlDB - listKind: KsqlDBList - plural: ksqldbs - shortNames: - - ksqldb - - ksql - singular: ksqldb - preserveUnknownFields: false - scope: Namespaced - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - validation: - openAPIV3Schema: - description: KsqlDB is the Schema for the ksql API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KafkaSpec defines the desired state of CP component, Kafka - Server - properties: - authentication: - description: Authentication specifies whether auth is needed when accessing - the ksqlDB rest server. - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic credential - through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on the - server side only. Changes will be only reflected in ControlCenter - (C3). This configuration is ignored on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on the - server side only. This configuration is ignored on the client - side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme for Rest - Server - enum: - - basic - - mtls - type: string - required: - - type - type: object - authorization: - description: Authorization configuration defines RBAC configuration - properties: - kafkaRestClassRef: - description: KafkaRestClassRef defines the reference for KafkaRestClass - which defines Kafka Rest API - properties: - name: - description: Name defines the name of KafkaRestClass - minLength: 1 - type: string - namespace: - description: Namespace defines the namespace of the KafkaRestClass - type: string - required: - - name - type: object - type: - enum: - - rbac - type: string - required: - - type - type: object - configOverrides: - 
description: ConfigurationOverrides defines capability to override server/jvm/log4j - properties for each Confluent platform component. Change will roll - the cluster - properties: - jvm: - description: JVM defines a list of jvm configuration supported by - application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported by - application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - dataVolumeCapacity: - anyOf: - - type: integer - - type: string - description: Data volume - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - dependencies: - description: Dependencies defines dependencies Kafka, interceptor, schemaregistry, - mds dependencies - properties: - interceptor: - description: InterceptorDependency defines interceptor settings - for CP component - properties: - configs: - description: Configs defines configs for the CP interceptor - Config override feature can be used to pass config - items: - type: string - type: array - consumer: - description: Consumer defines the consumer configuration for - interceptor. If not configured it will use the kafka dependency - configuration - properties: - authentication: - description: Authentication defines the authentication for - the kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's - JaaS configuration. 
- properties: - secretRef: - description: SecretRef defines secret reference - to pass required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete - JaaS configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap - endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability - to discover kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is - running Uses the same namespace where Operator is - running if not configured - type: string - secretRef: - description: SecretRef defines the name of the secret - reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side - TLS setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - enabled: - description: Enabled defines to enable the CP interceptor configuration - type: boolean - producer: - description: Producer defines the producer configuration for - interceptor. If not configured it will use the kafka dependency - configuration - properties: - authentication: - description: Authentication defines the authentication for - the kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's - JaaS configuration. - properties: - secretRef: - description: SecretRef defines secret reference - to pass required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete - JaaS configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap - endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability - to discover kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is - running Uses the same namespace where Operator is - running if not configured - type: string - secretRef: - description: SecretRef defines the name of the secret - reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side - TLS setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for - CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - publishMs: - type: integer - required: - - enabled - type: object - kafka: - description: KafkaClientDependency allows configuring CP component - dependency to configure kafka settings - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mds: - description: MDSDependencies defines MDS configure when CP RBAC - is enabled - properties: - authentication: - description: Authentication defines MDS authentication configuration - properties: - bearer: - description: BearerAuthentication defines bearer authentication - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines the authentication type support - for MDS - enum: - - bearer - type: string - required: - - bearer - - type - type: object - endpoint: - description: Endpoint defines the mds endpoint - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: ClientTLSConfig defines TLS configuration for CP - 
component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - tokenKeyPair: - description: TokenKeyPair defines the token keypair to configure - MDS - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - authentication - - endpoint - - tokenKeyPair - type: object - schemaRegistry: - description: SchemaRegistryClientDependency allows configuring CP - component dependency to configure schemaRegistry settings - properties: - authentication: - description: Authentication defines the authentication for the - 
schemaregistry cluster - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass - basic credential through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles - on the server side only. Changes will be only reflected - in ControlCenter (C3). This configuration is ignored - on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration - on the server side only. This configuration is ignored - on the client side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme - for Rest client - enum: - - basic - - mtls - type: string - required: - - type - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for schemaregistry cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - url: - description: URL defines the URL endpoint - minLength: 1 - pattern: ^https?://.* - type: string - required: - - url - type: object - type: object - externalAccess: - description: Provides configuring endpoints and services to make ksqlDB - accessible from outside the cluster - properties: - ingress: - description: Ingress allows to create a ingress service Not implemented - yet! - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user wishes - to exist. - properties: - backend: - description: A default backend capable of servicing requests - that don't match any rule. At least one of 'backend' or - 'rules' must be specified. 
This field is optional to allow - the loadbalancer controller or defaulting logic to specify - a global default. - properties: - resource: - description: Resource is an ObjectRef to another Kubernetes - resource in the namespace of the Ingress object. If - resource is specified, serviceName and servicePort - must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the IngressClass - cluster resource. The associated IngressClass defines - which controller will implement the resource. This replaces - the deprecated `kubernetes.io/ingress.class` annotation. - For backwards compatibility, when that annotation is set, - it must be given precedence over this field. The controller - may emit a warning if the field and annotation have different - values. Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource may - be marked as default, which can be used to set a default - value for this field. For more information, refer to the - IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure the - Ingress. If unspecified, or no rule matches, all traffic - is sent to the default backend. 
- items: - description: IngressRule represents the rules mapping - the paths under a specified host to the related backend - services. Incoming requests are first evaluated for - a host match, then routed to the backend associated - with the matching IngressRuleValue. - properties: - host: - description: "Host is the fully qualified domain name - of a network host, as defined by RFC 3986. Note - the following deviations from the \"host\" part - of the URI as defined in RFC 3986: 1. IPs are not - allowed. Currently an IngressRuleValue can only - apply to the IP in the Spec of the parent Ingress. - 2. The `:` delimiter is not respected because ports - are not allowed. \t Currently the port of an Ingress - is implicitly :80 for http and \t :443 for https. - Both these may change in the future. Incoming requests - are matched against the host before the IngressRuleValue. - If the host is unspecified, the Ingress routes all - traffic based on the specified IngressRuleValue. - \n Host can be \"precise\" which is a domain name - without the terminating dot of a network host (e.g. - \"foo.bar.com\") or \"wildcard\", which is a domain - name prefixed with a single wildcard label (e.g. - \"*.foo.com\"). The wildcard character '*' must - appear by itself as the first DNS label and matches - only a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests will - be matched against the Host field in the following - way: 1. If Host is precise, the request matches - this rule if the http host header is equal to Host. - 2. If Host is a wildcard, then the request matches - this rule if the http host header is to equal to - the suffix (removing the first label) of the wildcard - rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list of http - selectors pointing to backends. In the example: - http:///? 
-> backend where - where parts of the url correspond to RFC 3986, this - resource will be used to match against everything - after the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that map requests - to backends. - items: - description: HTTPIngressPath associates a path - with a backend. Incoming urls matching the - path are forwarded to the backend. - properties: - backend: - description: Backend defines the referenced - service endpoint to which the traffic - will be forwarded to. - properties: - resource: - description: Resource is an ObjectRef - to another Kubernetes resource in - the namespace of the Ingress object. - If resource is specified, serviceName - and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any other - third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the - referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the - referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against the - path of an incoming request. Currently - it can contain characters disallowed from - the conventional "path" part of a URL - as defined by RFC 3986. Paths must begin - with a '/'. When unspecified, all paths - from incoming requests are matched. - type: string - pathType: - description: 'PathType determines the interpretation - of the Path matching. 
PathType can be - one of the following values: * Exact: - Matches the URL path exactly. * Prefix: - Matches based on a URL path prefix split - by ''/''. Matching is done on a path - element by element basis. A path element - refers is the list of labels in the - path split by the ''/'' separator. A request - is a match for path p if every p is - an element-wise prefix of p of the request - path. Note that if the last element of - the path is a substring of the last - element in request path, it is not a match - (e.g. /foo/bar matches /foo/bar/baz, - but does not match /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching is - up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix or Exact - path types. Implementations are required - to support all path types. Defaults to - ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the Ingress only - supports a single TLS port, 443. If multiple members of - this list specify different hosts, they will be multiplexed - on the same port according to the hostname specified through - the SNI TLS extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport layer - security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included in - the TLS certificate. The values in this list must - match the name/s used in the tlsSecret. Defaults - to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret - used to terminate TLS traffic on port 443. Field - is left optional to allow TLS routing based on SNI - hostname alone. 
If the SNI host in a listener conflicts - with the "Host" header field used by an IngressRule, - the SNI host is used for termination and value of - the Host header is used for routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes load balancer - service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type load balancer - type: object - domain: - description: Domain allows to configure domain name for the - cluster. - minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring source - range - items: - type: string - type: array - port: - description: Port allows to configure external port for client - consumption If not configured, same internal/external port - will be configured per component Information about the port - can be retrieved through status API - format: int32 - type: integer - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. 
Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. Usually - assigned by the system. If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port offset - to be used and will go in the increasing order with respect - to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. 
Usually - assigned by the system. If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for OpenShift - Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the OpenShift - service type route - type: object - domain: - description: Domain allows to configure domain name for the - cluster. - minLength: 1 - type: string - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. 
It defaults - to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - type: - description: Type defines supported kubernetes external services - enum: - - loadBalancer - - nodePort - - route - minLength: 1 - type: string - required: - - type - type: object - image: - description: Image defines application and init docker image configuration. - Change will roll the cluster - properties: - application: - description: Application defines application docker image name - pattern: .+:.+ - type: string - init: - description: Init defines init-container name - pattern: .+:.+ - type: string - pullSecretRef: - description: 'ImagePullSecrets is a list of references to secrets - in the same namespace to use for pulling any images in pods that - reference this ServiceAccount. ImagePullSecrets are distinct from - Secrets because Secrets can be mounted in the pod, but ImagePullSecrets - are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' - items: - type: string - type: array - required: - - application - - init - type: object - injectAnnotations: - additionalProperties: - type: string - description: InjectAnnotations annotations are injected to all the internal - resources created by Operator. All the internal annotations is preserved - and forbidden to override. For pod annotations, use podTemplate.annotations - type: object - injectLabels: - additionalProperties: - type: string - description: InjectLabels labels are injected to all the internal resources - created by Operator. All the internal labels is preserved and forbidden - to override. For pod labels, use podTemplate.labels - type: object - internalTopicReplicationFactor: - description: Replication factor for internal topics - format: int32 - type: integer - k8sClusterDomain: - description: K8SClusterDomain defines configuring kubernetes cluster - domain if required. 
If this setting is not configured it will default - to cluster.local domain. - type: string - license: - description: License defines license configuration for Confluent platform - component - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where license key is mounted. More information about - the usage be found in Confluent Operator document. - minLength: 1 - type: string - globalLicense: - description: GlobalLicense specifies whether operator pod license - will be used for this component If enabled then Confluent platform - component shares Confluent Operator license. - type: boolean - secretRef: - description: SecretRef is secret reference which provides license - for CP component More information about the license key struct - can be found in Confluent Operator document. - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - metrics: - description: Metrics specifies the security settings for metric services - properties: - authentication: - description: Metrics security authentication - properties: - type: - enum: - - mtls - type: string - required: - - type - type: object - prometheus: - description: Override for jmx-prometheus exporter configs - properties: - blacklist: - items: - type: string - type: array - rules: - items: - description: Prometheus exporter rule override - properties: - attrNameSnakeCase: - minLength: 1 - type: string - cache: - minLength: 1 - type: string - help: - minLength: 1 - type: string - labels: - additionalProperties: - type: string - type: object - name: - minLength: 1 - type: string - pattern: - minLength: 1 - type: string - type: - minLength: 1 - type: string - value: - minLength: 1 - type: string - valueFactor: - minLength: 1 - type: string - type: object - type: array - whitelist: - items: - type: string - type: array - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP 
component - (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mountedSecrets: - description: MountedSecrets defines list of secrets reference injected - to the the underlying statefulset configuration. The secret reference - is mounted secret mounted in default path /mnt/secrets/. - The underlying resources will follow the secret as a file configuration - as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod - Change will roll the cluster - items: - description: MountedSecrets allows provides a way to inject custom - secret to underlying statefulset. 
- properties: - keyItems: - description: keyItems is list of key and path names - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, the volume - defaultMode will be used. This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the key - to. May not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - secretRef: - description: SecretRef defines the secret name referenced - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - type: array - oneReplicaPerNode: - description: OneReplicaPerNode enforces to run 1 pod per node through - pod anti-affinity capability. Enabling this configuration in existing - cluster will roll. Change will roll the cluster - type: boolean - podTemplate: - description: PodTemplate defines some statefulset pod template configuration - properties: - affinity: - description: 'Affinity is a group of affinity scheduling rules. - More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. 
The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - matches the corresponding matchExpressions; the node(s) - with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. 
- properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. - The TopologySelectorTerm type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. 
- properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are - intersected, i.e. all terms must be satisfied. 
- items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. 
- type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the - sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. 
- type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met at - some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - description: 'Annotations defines an unstructured key value map - stored with a resource that may be set by external tools to store - and retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - envVars: - description: 'EnvVars defines the collection of EnvVar to inject - into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. 
- type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - labels: - additionalProperties: - type: string - description: 'Labels defines map of string keys and values that - can be used to organize and categorize (scope and select) objects. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - podSecurityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in - container.securityContext. 
Field values of container.securityContext - take precedence over field values of PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit - is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions - of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will - have no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for - that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to - start the container if it does. If unset or false, no such - validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. 
Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. 
If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - priorityClassName: - description: PriorityClassName defines priority class for the pod - (if any). - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - probe: - description: Probe defines some fields of standard kubernetes readiness/liveness - probe configuration. - properties: - liveness: - description: Liveness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. 
- CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - readiness: - description: Readiness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - type: object - resources: - description: ResourceRequirements describes the compute resource - requirements. 
- properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - terminationGracePeriodSeconds: - description: TerminationGracePeriodSeconds defines grace period - for pod deletion - format: int64 - type: integer - tolerations: - description: Tolerations defines The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator . - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using the - matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. 
- type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do - not evict). Zero and negative values will be treated as - 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - replicas: - description: Replicas is the desired number of replicas of the given - Template. Change will roll the cluster - format: int32 - type: integer - storageClass: - description: Storage class used for creating pvc's of created ksqlDB - pods - properties: - name: - description: Name defines name is the storage class reference name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - telemetry: - description: ConfluentTelemetry defines the confluent telemetry reporter - configuration - properties: - global: - description: Global will allow disabling telemetry configuration. - If Operator is deployed with telemetry, this field is only is - used to disabled. By default the value is true if telemetry is - enabled in global level. 
- type: boolean - type: object - tls: - description: Specifies TLS configurations for the ksqlDB rest server. - properties: - autoGeneratedCerts: - description: AutoGenerated if configures generates the certificates - based on the CA key pair provided. - type: boolean - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where keystore/truststore.jks/jksPassword.txt keys - are mounted. CP will not configure truststore.jks can be ignored - with IgnoreTrustStoreConfig field - minLength: 1 - type: string - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the truststore - configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced for - jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced for - jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for certificates - More information about certificates key/value format can be found - in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - dataVolumeCapacity - - image - - replicas - type: object - status: - description: KsqlDBStatus defines the observed state of KSQLServer - properties: - authorizationType: - type: string - clusterName: - description: ClusterName defines the name of the cluster - type: string - clusterNamespace: - description: ClusterNamespace provides the namespace where cluster is - running - type: string - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. 
- properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - currentReplicas: - description: CurrentReplicas defines current running replicas - format: int32 - type: integer - internalSecrets: - description: InternalSecrets defines the list of internal secrets created - by Operator for each CP component. 
- items: - type: string - type: array - internalTopicNames: - description: InternalTopicNames is a list of topics used by the component - for internal use - items: - type: string - type: array - kafka: - description: KafkaClientInfoStatus defines the kafka client side status - for all CP component - properties: - authenticationType: - description: AuthenticationType defines the authentication type - for kafka - type: string - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - type: string - tls: - description: TLS defines if tls is enabled for kafka dependency - type: boolean - type: object - operatorVersion: - description: OperatorVersion defines the internal version of operator - type: string - phase: - description: Phase defines the state of the CP component - type: string - rbac: - description: RBACInfoStatus defines RBAC related status when RBAC is - enabled - properties: - clusterId: - description: ClusterId defines the id of cluster - type: string - internalRolebindings: - description: RolebindingState defines the state of internal rolebindings - items: - type: string - type: array - type: object - readyReplicas: - description: ReadyReplicas defines current ready replicas - format: int32 - type: integer - replicas: - description: Replicas defines replicas - format: int32 - type: integer - restConfig: - description: ListenerStatus describes general information about a listeners - properties: - advertisedExternalEndpoints: - description: AdvertisedExternalEndpoints defines other advertised - endpoints, especially use for kafka - items: - type: string - type: array - authenticationType: - description: AuthenticationType defines authentication type configured - by a listener - type: string - externalEndpoint: - description: ExternalEndpoint defines the external endpoint to connect - to the service - type: string - internalEndpoint: - description: InternalEndpoint defines the internal endpoint to connect - to the service - 
type: string - tls: - description: TLS defines whether tls is configured by a listener - type: boolean - type: object - serviceId: - type: string - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_migrationjobs.yaml b/kustomize/base/operator/crds/platform.confluent.io_migrationjobs.yaml deleted file mode 100644 index ead0c24..0000000 --- a/kustomize/base/operator/crds/platform.confluent.io_migrationjobs.yaml +++ /dev/null 
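Review bot: the deletion above runs through the closing `status:` / `storedVersions: []` stanza, so the whole CRD carrying the `KsqlDBStatus` schema is removed rather than edited, and nothing in the visible lines says where that CRD is installed from afterwards. Please name the replacement source in the commit message and confirm that no kustomization still lists this file as a resource, since a dangling entry fails the build. If this directory is reconciled by Flux with pruning enabled, dropping the manifest also deletes the CRD from the cluster, and Kubernetes then removes every custom resource of that kind, so the replacement should be in place before this merges.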
@@ -1,669 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: migrationjobs.platform.confluent.io -spec: - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: MigrationJob - listKind: MigrationJobList - plural: migrationjobs - shortNames: - - migrationjob - - migration - singular: migrationjob - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: MigrationJob is the Schema for the migrationjobs API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MigrationJobSpec defines the desired state of MigrationJob - properties: - blockReconcile: - type: boolean - connect: - description: ConnectMigrationJobSpec defines the desired state of Connect - after migration - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations for the new resource created. Annotations - is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying - objects. 
More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - configOverrides: - description: ConfigurationOverrides for the new resource created. - Takes precedence over configuration already present in old CR - properties: - jvm: - description: JVM defines a list of jvm configuration supported - by application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - enabled: - description: Indicates if Migration of this component is enabled - type: boolean - labels: - additionalProperties: - type: string - description: 'Labels for the new resource created. Map of string - keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name of the V1 resource to migrate. It must be unique - within a namespace Note that the resource will be deleted once - the migration is complete Required if this component is enabled - type: string - namespace: - description: Namespace defines the space within each name must be - unique. An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this field - for those objects will be empty. - type: string - release: - description: ReleaseName for the helm release for the component. - It is optional for kafka and zookeeper release. 
- minLength: 1 - type: string - required: - - enabled - type: object - controlcenter: - description: ControlCenterMigrationJobSpec defines the desired state - of ControlCenter after migration - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations for the new resource created. Annotations - is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - configOverrides: - description: ConfigurationOverrides for the new resource created. - Takes precedence over configuration already present in old CR - properties: - jvm: - description: JVM defines a list of jvm configuration supported - by application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - enabled: - description: Indicates if Migration of this component is enabled - type: boolean - labels: - additionalProperties: - type: string - description: 'Labels for the new resource created. Map of string - keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name of the V1 resource to migrate. 
It must be unique - within a namespace Note that the resource will be deleted once - the migration is complete Required if this component is enabled - type: string - namespace: - description: Namespace defines the space within each name must be - unique. An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this field - for those objects will be empty. - type: string - release: - description: ReleaseName for the helm release for the component. - It is optional for kafka and zookeeper release. - minLength: 1 - type: string - required: - - enabled - type: object - initContainerImage: - minLength: 1 - type: string - kafka: - description: KafkaMigrationJobSpec defines the descired state of Kafka - after migration - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations for the new resource created. Annotations - is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - configOverrides: - description: ConfigurationOverrides for the new resource created. - Takes precedence over configuration already present in old CR - properties: - jvm: - description: JVM defines a list of jvm configuration supported - by application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported - by application. This will either add or update existing configuration. 
- items: - type: string - type: array - type: object - enabled: - description: Indicates if Migration of this component is enabled - type: boolean - labels: - additionalProperties: - type: string - description: 'Labels for the new resource created. Map of string - keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name of the V1 resource to migrate. It must be unique - within a namespace Note that the resource will be deleted once - the migration is complete Required if this component is enabled - type: string - namespace: - description: Namespace defines the space within each name must be - unique. An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this field - for those objects will be empty. - type: string - release: - description: ReleaseName for the helm release for the component. - It is optional for kafka and zookeeper release. - minLength: 1 - type: string - required: - - enabled - type: object - ksqldb: - description: KsqlDBMigrationJobSpec defines the desired state of KsqlDB - after migration - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations for the new resource created. Annotations - is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - configOverrides: - description: ConfigurationOverrides for the new resource created. 
- Takes precedence over configuration already present in old CR - properties: - jvm: - description: JVM defines a list of jvm configuration supported - by application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - enabled: - description: Indicates if Migration of this component is enabled - type: boolean - labels: - additionalProperties: - type: string - description: 'Labels for the new resource created. Map of string - keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name of the V1 resource to migrate. It must be unique - within a namespace Note that the resource will be deleted once - the migration is complete Required if this component is enabled - type: string - namespace: - description: Namespace defines the space within each name must be - unique. An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this field - for those objects will be empty. - type: string - release: - description: ReleaseName for the helm release for the component. - It is optional for kafka and zookeeper release. 
- minLength: 1 - type: string - required: - - enabled - type: object - pullSecretRef: - items: - type: string - type: array - replicator: - description: ReplicatorMigrationJobSpec defines the desired state of - Replicator after migration - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations for the new resource created. Annotations - is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - configOverrides: - description: ConfigurationOverrides for the new resource created. - Takes precedence over configuration already present in old CR - properties: - jvm: - description: JVM defines a list of jvm configuration supported - by application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - enabled: - description: Indicates if Migration of this component is enabled - type: boolean - labels: - additionalProperties: - type: string - description: 'Labels for the new resource created. Map of string - keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name of the V1 resource to migrate. 
It must be unique - within a namespace Note that the resource will be deleted once - the migration is complete Required if this component is enabled - type: string - namespace: - description: Namespace defines the space within each name must be - unique. An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this field - for those objects will be empty. - type: string - release: - description: ReleaseName for the helm release for the component. - It is optional for kafka and zookeeper release. - minLength: 1 - type: string - required: - - enabled - type: object - schemaRegistry: - description: SchemaRegistryMigrationJobSpec defines the desired state - of SchemaRegistry after migration - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations for the new resource created. Annotations - is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - configOverrides: - description: ConfigurationOverrides for the new resource created. - Takes precedence over configuration already present in old CR - properties: - jvm: - description: JVM defines a list of jvm configuration supported - by application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported - by application. This will either add or update existing configuration. 
- items: - type: string - type: array - type: object - enabled: - description: Indicates if Migration of this component is enabled - type: boolean - labels: - additionalProperties: - type: string - description: 'Labels for the new resource created. Map of string - keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name of the V1 resource to migrate. It must be unique - within a namespace Note that the resource will be deleted once - the migration is complete Required if this component is enabled - type: string - namespace: - description: Namespace defines the space within each name must be - unique. An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this field - for those objects will be empty. - type: string - release: - description: ReleaseName for the helm release for the component. - It is optional for kafka and zookeeper release. - minLength: 1 - type: string - required: - - enabled - type: object - skipCleanup: - type: boolean - skipRollback: - type: boolean - zookeeper: - description: ZookeeperMigrationJobSpec defines the desired state of - Zookeeper after migration - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations for the new resource created. Annotations - is an unstructured key value map stored with a resource that may - be set by external tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - configOverrides: - description: ConfigurationOverrides for the new resource created. 
- Takes precedence over configuration already present in old CR - properties: - jvm: - description: JVM defines a list of jvm configuration supported - by application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - enabled: - description: Indicates if Migration of this component is enabled - type: boolean - labels: - additionalProperties: - type: string - description: 'Labels for the new resource created. Map of string - keys and values that can be used to organize and categorize (scope - and select) objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: Name of the V1 resource to migrate. It must be unique - within a namespace Note that the resource will be deleted once - the migration is complete Required if this component is enabled - type: string - namespace: - description: Namespace defines the space within each name must be - unique. An empty namespace is equivalent to the "default" namespace, - but "default" is the canonical representation. Not all objects - are required to be scoped to a namespace - the value of this field - for those objects will be empty. - type: string - release: - description: ReleaseName for the helm release for the component. - It is optional for kafka and zookeeper release. 
- minLength: 1 - type: string - required: - - enabled - type: object - required: - - initContainerImage - type: object - status: - description: MigrationJobStatus defines the observed state of MigrationJob - properties: - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. - properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - connect: - description: CommonMigrationStatus defines spec common to different - migration resources - properties: - message: - type: string - phase: - type: string - required: - - message - - phase - type: object - controlcenter: - description: CommonMigrationStatus defines spec common to different - migration resources - properties: - message: - type: string - phase: - type: string - required: - - message - - phase - type: object - kafka: - description: CommonMigrationStatus defines spec common to different - migration resources - properties: - message: - type: string - phase: - type: string - required: - - message - - phase - type: object - ksqldb: - description: CommonMigrationStatus defines spec common to different - migration resources - properties: - message: - type: string - phase: - type: string - required: - - message - - phase - type: object - phase: - type: string - 
replicator: - description: CommonMigrationStatus defines spec common to different - migration resources - properties: - message: - type: string - phase: - type: string - required: - - message - - phase - type: object - schemaRegistry: - description: CommonMigrationStatus defines spec common to different - migration resources - properties: - message: - type: string - phase: - type: string - required: - - message - - phase - type: object - zookeeper: - description: CommonMigrationStatus defines spec common to different - migration resources - properties: - message: - type: string - phase: - type: string - required: - - message - - phase - type: object - required: - - phase - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_schemaregistries.yaml b/kustomize/base/operator/crds/platform.confluent.io_schemaregistries.yaml deleted file mode 100644 index 5d5723a..0000000 --- a/kustomize/base/operator/crds/platform.confluent.io_schemaregistries.yaml +++ /dev/null 
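Review bot: Nothing in the removal of `kustomize/base/operator/crds/platform.confluent.io_migrationjobs.yaml` (`@@ -1,669 +0,0 @@`, the whole file) says where the `migrationjobs.platform.confluent.io` CRD comes from afterwards. Please state in the commit message what now installs the CRDs, and check that any `kustomization.yaml` listing this file under `resources` is updated in the same commit, otherwise the build fails on a missing file. If Flux reconciles this path with `prune: true`, dropping the manifest also removes the CRD from the cluster, and Kubernetes then deletes every `MigrationJob` object with it, so the replacement source has to be applied before this change is reconciled.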
@@ -1,2333 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: schemaregistries.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.replicas - name: Replicas - type: string - - JSONPath: .status.readyReplicas - name: Ready - type: string - - JSONPath: .status.phase - name: Status - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - - JSONPath: .status.kafka.bootstrapEndpoint - name: Kafka - priority: 1 - type: string - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: SchemaRegistry - listKind: SchemaRegistryList - plural: schemaregistries - shortNames: - - schemaregistry - - sr - singular: schemaregistry - preserveUnknownFields: false - scope: Namespaced - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - validation: - openAPIV3Schema: - description: SchemaRegistry is the Schema for the schemaregistries API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: SchemaRegistrySpec defines the desired state of SchemaRegistry - properties: - authentication: - description: Authentication defines the rest-endpoint configuration - properties: - basic: - description: Basic defines basic authentication - properties: - directoryPathInContainer: - description: DirectoryPathInContainer allows to pass basic credential - through directory path in a container - minLength: 1 - type: string - restrictedRoles: - description: RestrictedRoles defines restricted roles on the - server side only. Changes will be only reflected in ControlCenter - (C3). This configuration is ignored on the client side configuration - items: - type: string - minItems: 1 - type: array - roles: - description: Role defines list of roles configuration on the - server side only. This configuration is ignored on the client - side configuration - items: - type: string - type: array - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines supported authentication scheme for Rest - Server - enum: - - basic - - mtls - type: string - required: - - type - type: object - authorization: - description: Authorization defines authorization configurations - properties: - kafkaRestClassRef: - description: KafkaRestClassRef defines the reference for KafkaRestClass - which defines Kafka Rest API - properties: - name: - description: Name defines the name of KafkaRestClass - minLength: 1 - type: string - namespace: - description: Namespace defines the namespace of the KafkaRestClass - type: string - required: - - name - type: object - type: - enum: - - rbac - type: string - required: - - type - type: object - configOverrides: - description: ConfigurationOverrides defines 
capability to override server/jvm/log4j - properties for each Confluent platform component. Change will roll - the cluster - properties: - jvm: - description: JVM defines a list of jvm configuration supported by - application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. - items: - type: string - type: array - server: - description: server is list of server configuration supported by - application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - dependencies: - description: Dependencies defines all the dependencies service configuration - properties: - kafka: - description: Kafka defines kafka dependencies configuration - properties: - authentication: - description: Authentication defines the authentication for the - kafka cluster - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS - configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass - required credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS - configuration. 
- properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced - for authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - minLength: 1 - pattern: .+:[0-9]+ - type: string - discovery: - description: Discovery defines the discovery capability to discover - kafka cluster - properties: - name: - description: Name is the name of the CP component - type: string - namespace: - description: Namespace defines where CP component is running - Uses the same namespace where Operator is running if not - configured - type: string - secretRef: - description: SecretRef defines the name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLSDependencyConfig defines the client side TLS - setting for kafka cluster - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mds: - description: MDSDependencies defines the RBAC dependencies configurations - properties: - authentication: - description: Authentication defines MDS authentication configuration - properties: - bearer: - description: BearerAuthentication defines bearer authentication - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - type: - description: Type defines the authentication type support - for MDS - enum: - - bearer - type: string - required: - - bearer - - type - type: object - endpoint: - description: Endpoint defines the mds endpoint - minLength: 1 - pattern: ^https?://.* - type: string - tls: - description: ClientTLSConfig defines TLS configuration for CP - 
component (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. CP will not configure truststore.jks - can be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP - component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores - the truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password - key/value format can be found in Confluent Operator - document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced - for certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - tokenKeyPair: - description: TokenKeyPair defines the token keypair to configure - MDS - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: Name of the secret reference - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - authentication - - endpoint - - tokenKeyPair - type: object - type: object - externalAccess: - description: ExternalAccess defines the external access configuration - properties: - ingress: - description: Ingress allows to create a ingress service Not implemented - yet! 
- properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type ingress service - type: object - spec: - description: IngressSpec describes the Ingress the user wishes - to exist. - properties: - backend: - description: A default backend capable of servicing requests - that don't match any rule. At least one of 'backend' or - 'rules' must be specified. This field is optional to allow - the loadbalancer controller or defaulting logic to specify - a global default. - properties: - resource: - description: Resource is an ObjectRef to another Kubernetes - resource in the namespace of the Ingress object. If - resource is specified, serviceName and servicePort - must not be specified. - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the referenced service. - x-kubernetes-int-or-string: true - type: object - ingressClassName: - description: IngressClassName is the name of the IngressClass - cluster resource. The associated IngressClass defines - which controller will implement the resource. This replaces - the deprecated `kubernetes.io/ingress.class` annotation. - For backwards compatibility, when that annotation is set, - it must be given precedence over this field. The controller - may emit a warning if the field and annotation have different - values. 
Implementations of this API should ignore Ingresses - without a class specified. An IngressClass resource may - be marked as default, which can be used to set a default - value for this field. For more information, refer to the - IngressClass documentation. - type: string - rules: - description: A list of host rules used to configure the - Ingress. If unspecified, or no rule matches, all traffic - is sent to the default backend. - items: - description: IngressRule represents the rules mapping - the paths under a specified host to the related backend - services. Incoming requests are first evaluated for - a host match, then routed to the backend associated - with the matching IngressRuleValue. - properties: - host: - description: "Host is the fully qualified domain name - of a network host, as defined by RFC 3986. Note - the following deviations from the \"host\" part - of the URI as defined in RFC 3986: 1. IPs are not - allowed. Currently an IngressRuleValue can only - apply to the IP in the Spec of the parent Ingress. - 2. The `:` delimiter is not respected because ports - are not allowed. \t Currently the port of an Ingress - is implicitly :80 for http and \t :443 for https. - Both these may change in the future. Incoming requests - are matched against the host before the IngressRuleValue. - If the host is unspecified, the Ingress routes all - traffic based on the specified IngressRuleValue. - \n Host can be \"precise\" which is a domain name - without the terminating dot of a network host (e.g. - \"foo.bar.com\") or \"wildcard\", which is a domain - name prefixed with a single wildcard label (e.g. - \"*.foo.com\"). The wildcard character '*' must - appear by itself as the first DNS label and matches - only a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests will - be matched against the Host field in the following - way: 1. If Host is precise, the request matches - this rule if the http host header is equal to Host. - 2. 
If Host is a wildcard, then the request matches - this rule if the http host header is to equal to - the suffix (removing the first label) of the wildcard - rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list of http - selectors pointing to backends. In the example: - http:///? -> backend where - where parts of the url correspond to RFC 3986, this - resource will be used to match against everything - after the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that map requests - to backends. - items: - description: HTTPIngressPath associates a path - with a backend. Incoming urls matching the - path are forwarded to the backend. - properties: - backend: - description: Backend defines the referenced - service endpoint to which the traffic - will be forwarded to. - properties: - resource: - description: Resource is an ObjectRef - to another Kubernetes resource in - the namespace of the Ingress object. - If resource is specified, serviceName - and servicePort must not be specified. - properties: - apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any other - third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - serviceName: - description: Specifies the name of the - referenced service. - type: string - servicePort: - anyOf: - - type: integer - - type: string - description: Specifies the port of the - referenced service. - x-kubernetes-int-or-string: true - type: object - path: - description: Path is matched against the - path of an incoming request. 
Currently - it can contain characters disallowed from - the conventional "path" part of a URL - as defined by RFC 3986. Paths must begin - with a '/'. When unspecified, all paths - from incoming requests are matched. - type: string - pathType: - description: 'PathType determines the interpretation - of the Path matching. PathType can be - one of the following values: * Exact: - Matches the URL path exactly. * Prefix: - Matches based on a URL path prefix split - by ''/''. Matching is done on a path - element by element basis. A path element - refers is the list of labels in the - path split by the ''/'' separator. A request - is a match for path p if every p is - an element-wise prefix of p of the request - path. Note that if the last element of - the path is a substring of the last - element in request path, it is not a match - (e.g. /foo/bar matches /foo/bar/baz, - but does not match /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching is - up to the IngressClass. Implementations - can treat this as a separate PathType or - treat it identically to Prefix or Exact - path types. Implementations are required - to support all path types. Defaults to - ImplementationSpecific.' - type: string - required: - - backend - type: object - type: array - required: - - paths - type: object - type: object - type: array - tls: - description: TLS configuration. Currently the Ingress only - supports a single TLS port, 443. If multiple members of - this list specify different hosts, they will be multiplexed - on the same port according to the hostname specified through - the SNI TLS extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport layer - security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included in - the TLS certificate. The values in this list must - match the name/s used in the tlsSecret. 
Defaults - to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - secretName: - description: SecretName is the name of the secret - used to terminate TLS traffic on port 443. Field - is left optional to allow TLS routing based on SNI - hostname alone. If the SNI host in a listener conflicts - with the "Host" header field used by an IngressRule, - the SNI host is used for termination and value of - the Host header is used for routing. - type: string - type: object - type: array - type: object - required: - - spec - type: object - loadBalancer: - description: LoadBalancer allows to create a kubernetes load balancer - service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type load balancer - type: object - domain: - description: Domain allows to configure domain name for the - cluster. - minLength: 1 - type: string - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - loadBalancerSourceRanges: - description: LoadBalancerSourceRanges allows configuring source - range - items: - type: string - type: array - port: - description: Port allows to configure external port for client - consumption If not configured, same internal/external port - will be configured per component Information about the port - can be retrieved through status API - format: int32 - type: integer - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. 
- properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. Usually - assigned by the system. If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). 
This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - domain - type: object - nodePort: - description: NodePort allows to create a kubernetes node port service - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the kubernetes - service type node port - type: object - externalTrafficPolicy: - description: ExternalTrafficPolicy allows to configure Service - External Traffic Policy - enum: - - Local - - Cluster - type: string - host: - minLength: 1 - type: string - nodePortOffset: - description: NodePortOffset configures the node port offset - to be used and will go in the increasing order with respect - to the replicas count - format: int32 - maximum: 32767 - minimum: 30000 - type: integer - servicePorts: - description: ServicePorts allows to specify user-provided service - port(s) - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. This - field follows standard Kubernetes label syntax. Un-prefixed - names are reserved for IANA standard service names (as - per RFC-6335 and http://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such - as mycompany.com/my-custom-protocol. Field can be enabled - with ServiceAppProtocol feature gate. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field in the - EndpointPort. Optional if only one ServicePort is defined - on this service. 
- type: string - nodePort: - description: 'The port on each node on which this service - is exposed when type=NodePort or LoadBalancer. Usually - assigned by the system. If specified, it will be allocated - to the service if unused or else creation of the service - will fail. Default is to auto-allocate a port if the - ServiceType of this Service requires one. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this service. - format: int32 - type: integer - protocol: - description: The IP protocol for this port. Supports "TCP", - "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access on - the pods targeted by the service. Number must be in - the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this is - not specified, the value of the ''port'' field is used - (an identity map). This field is ignored for services - with clusterIP=None, and should be omitted or set equal - to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - required: - - host - - nodePortOffset - type: object - route: - description: Route allows to create a route service for OpenShift - Platform - properties: - annotations: - additionalProperties: - type: string - description: Annotations allows to add annotations for the OpenShift - service type route - type: object - domain: - description: Domain allows to configure domain name for the - cluster. 
- minLength: 1 - type: string - prefix: - description: Prefix will add prefix when configured for the - given domain If prefix is not configured, the name of the - cluster will be used as a default value - minLength: 1 - type: string - wildcardPolicy: - description: WildcardPolicy allows wild card polices. It defaults - to None if not configured - enum: - - Subdomain - - None - type: string - required: - - domain - type: object - type: - description: Type defines supported kubernetes external services - enum: - - loadBalancer - - nodePort - - route - minLength: 1 - type: string - required: - - type - type: object - image: - description: Image defines application and init docker image configuration. - Change will roll the cluster - properties: - application: - description: Application defines application docker image name - pattern: .+:.+ - type: string - init: - description: Init defines init-container name - pattern: .+:.+ - type: string - pullSecretRef: - description: 'ImagePullSecrets is a list of references to secrets - in the same namespace to use for pulling any images in pods that - reference this ServiceAccount. ImagePullSecrets are distinct from - Secrets because Secrets can be mounted in the pod, but ImagePullSecrets - are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' - items: - type: string - type: array - required: - - application - - init - type: object - injectAnnotations: - additionalProperties: - type: string - description: InjectAnnotations annotations are injected to all the internal - resources created by Operator. All the internal annotations is preserved - and forbidden to override. For pod annotations, use podTemplate.annotations - type: object - injectLabels: - additionalProperties: - type: string - description: InjectLabels labels are injected to all the internal resources - created by Operator. 
All the internal labels is preserved and forbidden - to override. For pod labels, use podTemplate.labels - type: object - internalTopicReplicatorFactor: - format: int32 - minimum: 1 - type: integer - k8sClusterDomain: - description: K8SClusterDomain defines configuring kubernetes cluster - domain if required. If this setting is not configured it will default - to cluster.local domain. - type: string - license: - description: License defines license configuration for Confluent platform - component - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where license key is mounted. More information about - the usage be found in Confluent Operator document. - minLength: 1 - type: string - globalLicense: - description: GlobalLicense specifies whether operator pod license - will be used for this component If enabled then Confluent platform - component shares Confluent Operator license. - type: boolean - secretRef: - description: SecretRef is secret reference which provides license - for CP component More information about the license key struct - can be found in Confluent Operator document. 
- maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - metrics: - description: Metrics specifies the security settings for metric services - properties: - authentication: - description: Metrics security authentication - properties: - type: - enum: - - mtls - type: string - required: - - type - type: object - prometheus: - description: Override for jmx-prometheus exporter configs - properties: - blacklist: - items: - type: string - type: array - rules: - items: - description: Prometheus exporter rule override - properties: - attrNameSnakeCase: - minLength: 1 - type: string - cache: - minLength: 1 - type: string - help: - minLength: 1 - type: string - labels: - additionalProperties: - type: string - type: object - name: - minLength: 1 - type: string - pattern: - minLength: 1 - type: string - type: - minLength: 1 - type: string - value: - minLength: 1 - type: string - valueFactor: - minLength: 1 - type: string - type: object - type: array - whitelist: - items: - type: string - type: array - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP component - (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mountedSecrets: - description: MountedSecrets defines list of secrets reference injected - to the the underlying statefulset configuration. The secret reference - is mounted secret mounted in default path /mnt/secrets/. - The underlying resources will follow the secret as a file configuration - as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod - Change will roll the cluster - items: - description: MountedSecrets allows provides a way to inject custom - secret to underlying statefulset. - properties: - keyItems: - description: keyItems is list of key and path names - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. 
- type: string - mode: - description: 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, the volume - defaultMode will be used. This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the key - to. May not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - secretRef: - description: SecretRef defines the secret name referenced - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - type: array - oneReplicaPerNode: - description: OneReplicaPerNode enforces to run 1 pod per node through - pod anti-affinity capability. Enabling this configuration in existing - cluster will roll. Change will roll the cluster - type: boolean - podTemplate: - description: PodTemplate defines some statefulset pod template configuration - properties: - affinity: - description: 'Affinity is a group of affinity scheduling rules. - More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. 
for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - matches the corresponding matchExpressions; the node(s) - with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. - The TopologySelectorTerm type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are - intersected, i.e. all terms must be satisfied. 
- items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. 
- type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the - sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. 
- type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met at - some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - description: 'Annotations defines an unstructured key value map - stored with a resource that may be set by external tools to store - and retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - envVars: - description: 'EnvVars defines the collection of EnvVar to inject - into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. 
- type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - labels: - additionalProperties: - type: string - description: 'Labels defines map of string keys and values that - can be used to organize and categorize (scope and select) objects. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - podSecurityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in - container.securityContext. 
Field values of container.securityContext - take precedence over field values of PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit - is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions - of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will - have no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for - that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to - start the container if it does. If unset or false, no such - validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. 
Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. 
If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - priorityClassName: - description: PriorityClassName defines priority class for the pod - (if any). - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - probe: - description: Probe defines some fields of standard kubernetes readiness/liveness - probe configuration. - properties: - liveness: - description: Liveness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. 
- CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - readiness: - description: Readiness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - type: object - resources: - description: ResourceRequirements describes the compute resource - requirements. 
- properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - terminationGracePeriodSeconds: - description: TerminationGracePeriodSeconds defines grace period - for pod deletion - format: int64 - type: integer - tolerations: - description: Tolerations defines The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator . - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using the - matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. 
- type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do - not evict). Zero and negative values will be treated as - 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - replicas: - description: Replicas is the desired number of replicas of the given - Template. Change will roll the cluster - format: int32 - type: integer - storageClass: - description: Storage defines - properties: - name: - description: Name defines name is the storage class reference name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - telemetry: - description: ConfluentTelemetry defines the confluent telemetry reporter - configuration - properties: - global: - description: Global will allow disabling telemetry configuration. - If Operator is deployed with telemetry, this field is only is - used to disabled. By default the value is true if telemetry is - enabled in global level. 
- type: boolean - type: object - tls: - description: TLS defines tls configuration for rest-endpoint - properties: - autoGeneratedCerts: - description: AutoGenerated if configures generates the certificates - based on the CA key pair provided. - type: boolean - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where keystore/truststore.jks/jksPassword.txt keys - are mounted. CP will not configure truststore.jks can be ignored - with IgnoreTrustStoreConfig field - minLength: 1 - type: string - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the truststore - configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced for - jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced for - jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for certificates - More information about certificates key/value format can be found - in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - image - - replicas - type: object - status: - description: SchemaRegistryStatus defines the observed state of SchemaRegistry - properties: - authorizationType: - type: string - clusterName: - description: ClusterName defines the name of the cluster - type: string - clusterNamespace: - description: ClusterNamespace provides the namespace where cluster is - running - type: string - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. 
- properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. - format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - currentReplicas: - description: CurrentReplicas defines current running replicas - format: int32 - type: integer - groupId: - type: string - internalSecrets: - description: InternalSecrets defines the list of internal secrets created - by Operator for each CP component. 
- items: - type: string - type: array - internalTopicNames: - description: InternalTopicNames is a list of topics used by the component - for internal use - items: - type: string - type: array - kafka: - description: KafkaClientInfoStatus defines the kafka client side status - for all CP component - properties: - authenticationType: - description: AuthenticationType defines the authentication type - for kafka - type: string - bootstrapEndpoint: - description: BootstrapEndpoint defines the kafka bootstrap endpoint - type: string - tls: - description: TLS defines if tls is enabled for kafka dependency - type: boolean - type: object - metricPrefix: - type: string - operatorVersion: - description: OperatorVersion defines the internal version of operator - type: string - phase: - description: Phase defines the state of the CP component - type: string - rbac: - description: RBACInfoStatus defines RBAC related status when RBAC is - enabled - properties: - clusterId: - description: ClusterId defines the id of cluster - type: string - internalRolebindings: - description: RolebindingState defines the state of internal rolebindings - items: - type: string - type: array - type: object - readyReplicas: - description: ReadyReplicas defines current ready replicas - format: int32 - type: integer - replicas: - description: Replicas defines replicas - format: int32 - type: integer - restConfig: - description: ListenerStatus describes general information about a listeners - properties: - advertisedExternalEndpoints: - description: AdvertisedExternalEndpoints defines other advertised - endpoints, especially use for kafka - items: - type: string - type: array - authenticationType: - description: AuthenticationType defines authentication type configured - by a listener - type: string - externalEndpoint: - description: ExternalEndpoint defines the external endpoint to connect - to the service - type: string - internalEndpoint: - description: InternalEndpoint defines the internal endpoint 
to connect - to the service - type: string - tls: - description: TLS defines whether tls is configured by a listener - type: boolean - type: object - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/base/operator/crds/platform.confluent.io_zookeepers.yaml b/kustomize/base/operator/crds/platform.confluent.io_zookeepers.yaml deleted file mode 100644 index e8c7c7b..0000000 --- a/kustomize/base/operator/crds/platform.confluent.io_zookeepers.yaml +++ /dev/null 
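Review bot: nothing in the hunk that closes above says what registers the SchemaRegistry CRD once this manifest is gone. The removal runs from the schema (`SchemaRegistryStatus`, `version: v1beta1`) through the trailing `status:` stanza (`storedVersions: []`), so the whole definition leaves the repository, and the header that follows (`deleted file mode 100644` for `platform.confluent.io_zookeepers.yaml`) does the same for Zookeeper. If the Flux Kustomization that applied `kustomize/base/operator/crds/` has pruning enabled, dropping these files removes the CRDs from the cluster, and deleting a CRD also deletes every custom resource of that kind. Please state in the commit message where the CRDs are installed from now (for example, the operator's Helm chart, if that is the intent) and confirm the replacement is applied before the old definitions are pruned.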
@@ -1,1551 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: zookeepers.platform.confluent.io -spec: - additionalPrinterColumns: - - JSONPath: .status.replicas - name: Replicas - type: string - - JSONPath: .status.readyReplicas - name: Ready - type: string - - JSONPath: .status.phase - name: Status - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - - JSONPath: .status.endpoint - name: Endpoint - priority: 1 - type: string - group: platform.confluent.io - names: - categories: - - all - - confluent-platform - - confluent - kind: Zookeeper - listKind: ZookeeperList - plural: zookeepers - shortNames: - - zookeeper - - zk - singular: zookeeper - preserveUnknownFields: false - scope: Namespaced - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} - validation: - openAPIV3Schema: - description: Zookeeper is the Schema for the zookeepers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ZookeeperSpec defines the desired state of Confluent Platform - (CP) component, Zookeeper - properties: - authentication: - description: Authentication defines support authentication configuration - properties: - jaasConfig: - description: JaaS defines opinionated CP component's JaaS configuration. - properties: - secretRef: - description: SecretRef defines secret reference to pass required - credentials - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - jaasConfigPassThrough: - description: JaaSPassThrough user provided complete JaaS configuration. - properties: - directoryPathInContainer: - minLength: 1 - type: string - secretRef: - description: SecretRef defines the secret name referenced for - authentication - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - principalMappingRules: - items: - type: string - type: array - type: - description: Type defines supported kafka authentication types - enum: - - plain - - oauthbearer - - scram - - digest - - kerberos - - mtls - type: string - required: - - type - type: object - configOverrides: - description: ConfigurationOverrides defines capability to override server/jvm/log4j - properties for each Confluent platform component. Change will roll - the cluster - properties: - jvm: - description: JVM defines a list of jvm configuration supported by - application. This will either add or update existing configuration - items: - type: string - type: array - log4j: - description: Log4j defines a list of log4J configuration supported - by application. This will either add or update existing configuration. 
- items: - type: string - type: array - server: - description: server is list of server configuration supported by - application. This will either add or update existing configuration. - items: - type: string - type: array - type: object - dataVolumeCapacity: - anyOf: - - type: integer - - type: string - description: DataVolumeCapacity defines the data volume size - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - image: - description: Image defines application and init docker image configuration. - Change will roll the cluster - properties: - application: - description: Application defines application docker image name - pattern: .+:.+ - type: string - init: - description: Init defines init-container name - pattern: .+:.+ - type: string - pullSecretRef: - description: 'ImagePullSecrets is a list of references to secrets - in the same namespace to use for pulling any images in pods that - reference this ServiceAccount. ImagePullSecrets are distinct from - Secrets because Secrets can be mounted in the pod, but ImagePullSecrets - are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' - items: - type: string - type: array - required: - - application - - init - type: object - injectAnnotations: - additionalProperties: - type: string - description: InjectAnnotations annotations are injected to all the internal - resources created by Operator. All the internal annotations is preserved - and forbidden to override. For pod annotations, use podTemplate.annotations - type: object - injectLabels: - additionalProperties: - type: string - description: InjectLabels labels are injected to all the internal resources - created by Operator. All the internal labels is preserved and forbidden - to override. 
For pod labels, use podTemplate.labels - type: object - k8sClusterDomain: - description: K8SClusterDomain defines configuring kubernetes cluster - domain if required. If this setting is not configured it will default - to cluster.local domain. - type: string - license: - description: License defines license configuration for Confluent platform - component - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where license key is mounted. More information about - the usage be found in Confluent Operator document. - minLength: 1 - type: string - globalLicense: - description: GlobalLicense specifies whether operator pod license - will be used for this component If enabled then Confluent platform - component shares Confluent Operator license. - type: boolean - secretRef: - description: SecretRef is secret reference which provides license - for CP component More information about the license key struct - can be found in Confluent Operator document. 
- maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - logVolumeCapacity: - anyOf: - - type: integer - - type: string - description: LogVolumeCapacity defines the log volume size - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - metrics: - description: Metrics specifies the security settings for metric services - properties: - authentication: - description: Metrics security authentication - properties: - type: - enum: - - mtls - type: string - required: - - type - type: object - prometheus: - description: Override for jmx-prometheus exporter configs - properties: - blacklist: - items: - type: string - type: array - rules: - items: - description: Prometheus exporter rule override - properties: - attrNameSnakeCase: - minLength: 1 - type: string - cache: - minLength: 1 - type: string - help: - minLength: 1 - type: string - labels: - additionalProperties: - type: string - type: object - name: - minLength: 1 - type: string - pattern: - minLength: 1 - type: string - type: - minLength: 1 - type: string - value: - minLength: 1 - type: string - valueFactor: - minLength: 1 - type: string - type: object - type: array - whitelist: - items: - type: string - type: array - type: object - tls: - description: ClientTLSConfig defines TLS configuration for CP component - (dependencies, listeners). - properties: - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory - path in container where keystore/truststore.jks/jksPassword.txt - keys are mounted. 
CP will not configure truststore.jks can - be ignored with IgnoreTrustStoreConfig field - minLength: 1 - type: string - enabled: - description: Enabled enables the TLS configuration for CP component - type: boolean - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the - truststore configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced - for jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced - for jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for - certificates More information about certificates key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - enabled - type: object - type: object - mountedSecrets: - description: MountedSecrets defines list of secrets reference injected - to the the underlying statefulset configuration. The secret reference - is mounted secret mounted in default path /mnt/secrets/. - The underlying resources will follow the secret as a file configuration - as described here https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-files-from-a-pod - Change will roll the cluster - items: - description: MountedSecrets allows provides a way to inject custom - secret to underlying statefulset. - properties: - keyItems: - description: keyItems is list of key and path names - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. 
- type: string - mode: - description: 'Optional: mode bits to use on this file, must - be a value between 0 and 0777. If not specified, the volume - defaultMode will be used. This might be in conflict with - other options that affect the file mode, like fsGroup, - and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the key - to. May not be an absolute path. May not contain the path - element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - secretRef: - description: SecretRef defines the secret name referenced - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - type: array - oneReplicaPerNode: - description: OneReplicaPerNode enforces to run 1 pod per node through - pod anti-affinity capability. Enabling this configuration in existing - cluster will roll. Change will roll the cluster - type: boolean - podTemplate: - description: PodTemplate defines some statefulset pod template configuration - properties: - affinity: - description: 'Affinity is a group of affinity scheduling rules. - More info: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity' - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. 
for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - matches the corresponding matchExpressions; the node(s) - with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects - (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with - the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its - node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. - The TopologySelectorTerm type implements a subset - of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. 
- type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values - array must be empty. If the operator is - Gt or Lt, the values array must have a - single element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node - has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not - be scheduled onto the node. If the affinity requirements - specified by this field cease to be met at some point - during pod execution (e.g. due to a pod label update), - the system may or may not try to eventually evict the - pod from its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm are - intersected, i.e. all terms must be satisfied. 
- items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. 
- type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling requirements - (resource request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the - sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum are - the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. 
- properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. 
- type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the pod - will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met at - some point during pod execution (e.g. due to a pod label - update), the system may or may not try to eventually evict - the pod from its node. When there are multiple elements, - the lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. 
If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - annotations: - additionalProperties: - type: string - description: 'Annotations defines an unstructured key value map - stored with a resource that may be set by external tools to store - and retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - envVars: - description: 'EnvVars defines the collection of EnvVar to inject - into containers. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/' - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. 
- type: string - required: - - fieldPath - type: object - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - labels: - additionalProperties: - type: string - description: 'Labels defines map of string keys and values that - can be used to organize and categorize (scope and select) objects. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - podSecurityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in - container.securityContext. 
Field values of container.securityContext - take precedence over field values of PodSecurityContext. - properties: - fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit - is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions - of any volume." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will - have no effect on ephemeral volume types such as: secret, - configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set in - SecurityContext. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence for - that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to - start the container if it does. If unset or false, no such - validation will be performed. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. 
Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary - GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. 
If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - priorityClassName: - description: PriorityClassName defines priority class for the pod - (if any). - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - probe: - description: Probe defines some fields of standard kubernetes readiness/liveness - probe configuration. - properties: - liveness: - description: Liveness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. 
- CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - readiness: - description: Readiness allows to configure some some probe configuration - The changes will override the existing default configuration - properties: - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. CP component - comes with right configuration, not required to change - most of the time - format: int32 - type: integer - initialDelaySeconds: - description: Number of seconds after the container has started - before probes are initiated. CP component comes with right - configuration, not required to change most of the time - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - CP component comes with right configuration, not required - to change most of the time - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - timeoutSeconds: - description: Number of seconds after which the probe times - out. CP component comes with right configuration, not - required to change most of the time - format: int32 - type: integer - type: object - type: object - resources: - description: ResourceRequirements describes the compute resource - requirements. 
- properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount - to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - terminationGracePeriodSeconds: - description: TerminationGracePeriodSeconds defines grace period - for pod deletion - format: int64 - type: integer - tolerations: - description: Tolerations defines The pod this Toleration is attached - to tolerates any taint that matches the triple - using the matching operator . - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using the - matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. 
- type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do - not evict). Zero and negative values will be treated as - 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - replicas: - description: Replicas is the desired number of replicas of the given - Template. Change will roll the cluster - format: int32 - type: integer - storageClass: - description: StorageClass defines the user provided storage class. If - not configured, it will use default storage class. - properties: - name: - description: Name defines name is the storage class reference name - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - name - type: object - tls: - description: TLS defines TLS setting - properties: - autoGeneratedCerts: - description: AutoGenerated if configures generates the certificates - based on the CA key pair provided. 
- type: boolean - directoryPathInContainer: - description: DirectoryPathInContainer contains the directory path - in container where keystore/truststore.jks/jksPassword.txt keys - are mounted. CP will not configure truststore.jks can be ignored - with IgnoreTrustStoreConfig field - minLength: 1 - type: string - ignoreTrustStoreConfig: - description: IgnoreTrustStoreConfig when configure ignores the truststore - configuration for CP component - type: boolean - jksPassword: - description: JksPassword defines the secret name referenced for - jks password - properties: - secretRef: - description: SecretRef defines the secret name referenced for - jks password More information about jks password key/value - format can be found in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - required: - - secretRef - type: object - secretRef: - description: SecretRef defines the secret name referenced for certificates - More information about certificates key/value format can be found - in Confluent Operator document - maxLength: 30 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - type: object - required: - - dataVolumeCapacity - - image - - logVolumeCapacity - - replicas - type: object - status: - description: ZookeeperStatus defines the observed state of Zookeeper - properties: - authenticationType: - type: string - authorizationType: - type: string - clusterName: - description: ClusterName defines the name of the cluster - type: string - clusterNamespace: - description: ClusterNamespace provides the namespace where cluster is - running - type: string - conditions: - items: - description: Conditions represents the latest available observations - of a statefulset's current state. - properties: - lastProbeTime: - description: LastProbeTime defines a last time the condition is - evaluated. 
- format: date-time - type: string - lastTransitionTime: - description: LastTransitionTime defines a last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: ' Message defines a human readable message indicating - details about the transition.' - type: string - reason: - description: ' Reason defines reason for the condition''s last - transition.' - type: string - status: - description: Status defines a status of the condition, one of - True, False, Unknown - type: string - type: - description: Type defines type of condition - type: string - type: object - type: array - currentReplicas: - description: CurrentReplicas defines current running replicas - format: int32 - type: integer - endpoint: - type: string - internalSecrets: - description: InternalSecrets defines the list of internal secrets created - by Operator for each CP component. - items: - type: string - type: array - internalTopicNames: - description: InternalTopicNames is a list of topics used by the component - for internal use - items: - type: string - type: array - operatorVersion: - description: OperatorVersion defines the internal version of operator - type: string - phase: - description: Phase defines the state of the CP component - type: string - readyReplicas: - description: ReadyReplicas defines current ready replicas - format: int32 - type: integer - replicas: - description: Replicas defines replicas - format: int32 - type: integer - tls: - type: boolean - type: object - required: - - spec - type: object - version: v1beta1 - versions: - - name: v1beta1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/kustomize/base/operator/resources/clusterrole.yaml b/kustomize/base/operator/resources/clusterrole.yaml deleted file mode 100644 index e933d3a..0000000 --- a/kustomize/base/operator/resources/clusterrole.yaml +++ /dev/null 
@@ -1,116 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - meta.helm.sh/release-name: confluent - meta.helm.sh/release-namespace: production - labels: - app: confluent-for-kubernetes - app.kubernetes.io/component: confluent-operator - app.kubernetes.io/instance: confluent - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: confluent-for-kubernetes - helm.sh/chart: confluent-for-kubernetes-0.174.6 - helm.toolkit.fluxcd.io/name: confluent - helm.toolkit.fluxcd.io/namespace: production - name: confluent-operator-global -rules: - - apiGroups: - - cluster.confluent.com - resources: - - zookeeperclusters - - zookeeperclusters/status - - zookeeperclusters/scale - - zookeeperclusters/finalizers - - kafkaclusters - - kafkaclusters/status - - kafkaclusters/scale - - kafkaclusters/finalizers - verbs: - - '*' - - apiGroups: - - operator.confluent.cloud - resources: - - physicalstatefulclusters - - physicalstatefulclusters/scale - - physicalstatefulclusters/status - - physicalstatefulclusters/finalizers - verbs: - - '*' - - apiGroups: - - platform.confluent.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - route.openshift.io - resources: - - routes - - routes/custom-host - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - apps - resources: - - statefulsets - - statefulsets/scale - - statefulsets/status - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - configmaps - - events - - persistentvolumeclaims - - secrets - - secrets/finalizers - - pods - - pods/exec - - services - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - networking.k8s.io - resources: - - ingresses - - ingresses/status - verbs: - - get - - list - - watch 
- - create - - update - - patch - - delete diff --git a/kustomize/base/operator/resources/clusterrolebinding.yaml b/kustomize/base/operator/resources/clusterrolebinding.yaml deleted file mode 100644 index 23c5f6c..0000000 --- a/kustomize/base/operator/resources/clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - labels: - app: confluent-for-kubernetes - app.kubernetes.io/name: confluent-for-kubernetes - app.kubernetes.io/instance: confluent - app.kubernetes.io/managed-by: git - app.kubernetes.io/component: confluent-operator - helm.sh/chart: confluent-for-kubernetes-0.174.6 - name: confluent-operator-global -subjects: -- kind: ServiceAccount - name: confluent-for-kubernetes - namespace: production -roleRef: - kind: Role - name: confluent-operator-global - apiGroup: rbac.authorization.k8s.io diff --git a/kustomize/base/operator/resources/deployment.yaml b/kustomize/base/operator/resources/deployment.yaml deleted file mode 100644 index 2c731ba..0000000 --- a/kustomize/base/operator/resources/deployment.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: "confluent-for-kubernetes" - app.kubernetes.io/name: "confluent-for-kubernetes" - app.kubernetes.io/instance: "confluent" - app.kubernetes.io/managed-by: "Helm" - app.kubernetes.io/component: "confluent-operator" - helm.sh/chart: "confluent-for-kubernetes-0.174.6" - name: confluent-operator-global -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/instance: confluent - app.kubernetes.io/name: confluent-operator - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - type: RollingUpdate - template: - metadata: - annotations: - prometheus.io/path: "/metrics" - prometheus.io/port: "7778" - prometheus.io/scrape: "true" - labels: - app: "confluent-operator" - app.kubernetes.io/name: "confluent-operator" - app.kubernetes.io/instance: "confluent" - confluent-platform: "true" - version: "0.174.6" - spec: - containers: - - args: - - --debug=false - - --namespaces=production - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: NODEIP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: DD_ENTITY_ID - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.uid - image: docker.io/confluentinc/confluent-operator:0.174.6 - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: confluent-operator-global - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readyz - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 100m - memory: 256Mi - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: - fsGroup: 1001 - 
runAsNonRoot: true - runAsUser: 1001 - serviceAccount: confluent-for-kubernetes - serviceAccountName: confluent-for-kubernetes - terminationGracePeriodSeconds: 30 \ No newline at end of file diff --git a/kustomize/base/operator/resources/kustomization.yaml b/kustomize/base/operator/resources/kustomization.yaml deleted file mode 100644 index aff33c3..0000000 --- a/kustomize/base/operator/resources/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - clusterrole.yaml - - clusterrolebinding.yaml - - deployment.yaml - - service.yaml - - serviceaccount.yaml diff --git a/kustomize/base/operator/resources/service.yaml b/kustomize/base/operator/resources/service.yaml deleted file mode 100644 index e527612..0000000 --- a/kustomize/base/operator/resources/service.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: "confluent-for-kubernetes" - app.kubernetes.io/name: "confluent-for-kubernetes" - app.kubernetes.io/instance: "confluent" - app.kubernetes.io/managed-by: "Helm" - app.kubernetes.io/component: "confluent-operator" - helm.sh/chart: "confluent-for-kubernetes-0.174.6" - name: "confluent-operator" -spec: - ports: - - name: http-metric - port: 7778 - protocol: TCP - targetPort: 7778 - selector: - app: "confluent-operator" - app.kubernetes.io/name: "confluent-operator" - type: ClusterIP - diff --git a/kustomize/base/operator/resources/serviceaccount.yaml b/kustomize/base/operator/resources/serviceaccount.yaml deleted file mode 100644 index cf95403..0000000 --- a/kustomize/base/operator/resources/serviceaccount.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -apiVersion: v1 -imagePullSecrets: -- name: "confluent-registry" -kind: ServiceAccount -metadata: - labels: - app: "confluent-for-kubernetes" - app.kubernetes.io/name: "confluent-for-kubernetes" - app.kubernetes.io/instance: "confluent" - app.kubernetes.io/managed-by: "Helm" - app.kubernetes.io/component: "confluent-operator" - helm.sh/chart: "confluent-for-kubernetes-0.174.6" - name: confluent-for-kubernetes - diff --git a/kustomize/base/rolebindings/connect/connect-base.yaml b/kustomize/base/rolebindings/connect/connect-base.yaml deleted file mode 100644 index 0dfc382..0000000 --- a/kustomize/base/rolebindings/connect/connect-base.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: connect-cluster-base -spec: - clustersScopeByIds: - connectClusterId: confluent.connect - principal: - name: connect - type: user - role: SecurityAdmin ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: connect-resources-base -spec: - principal: - name: connect - type: user - resourcePatterns: - - name: confluent.connect - patternType: LITERAL - resourceType: Group - - name: confluent.connect- - patternType: PREFIXED - resourceType: Topic - role: ResourceOwner ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: connect-monitoring-base -spec: - principal: - name: connect - type: user - resourcePatterns: - - name: _confluent-monitoring - patternType: PREFIXED - resourceType: Topic - role: DeveloperWrite - - diff --git a/kustomize/base/rolebindings/connect/connect-groups.yaml b/kustomize/base/rolebindings/connect/connect-groups.yaml deleted file mode 100644 index c62b7b5..0000000 --- a/kustomize/base/rolebindings/connect/connect-groups.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: connect-groups -spec: - principal: - name: connect - type: user - resourcePatterns: - - name: connect-cluster - patternType: LITERAL - resourceType: Group - - name: connect-secrets - patternType: LITERAL - resourceType: Group - role: ResourceOwner diff --git a/kustomize/base/rolebindings/connect/connect-topics.yaml b/kustomize/base/rolebindings/connect/connect-topics.yaml deleted file mode 100644 index 316544e..0000000 --- a/kustomize/base/rolebindings/connect/connect-topics.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: connect-topics -spec: - principal: - name: connect - type: user - resourcePatterns: - - name: _confluent-connect-secrets - patternType: LITERAL - resourceType: Topic - - name: _confluent-connect-status - patternType: LITERAL - resourceType: Topic - - name: _confluent-connect-offsets - patternType: LITERAL - resourceType: Topic - - name: _confluent-connect-configs - patternType: LITERAL - resourceType: Topic - - name: confluent.connect- - patternType: PREFIXED - resourceType: Topic - role: ResourceOwner diff --git a/kustomize/base/rolebindings/connect/kustomization.yaml b/kustomize/base/rolebindings/connect/kustomization.yaml deleted file mode 100644 index 6275c8d..0000000 --- a/kustomize/base/rolebindings/connect/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: confluent -resources: - - connect-base.yaml - - connect-groups.yaml - - connect-topics.yaml diff --git a/kustomize/base/rolebindings/controlcenter/controlcentre-base.yaml b/kustomize/base/rolebindings/controlcenter/controlcentre-base.yaml deleted file mode 100644 index 64a4063..0000000 --- a/kustomize/base/rolebindings/controlcenter/controlcentre-base.yaml +++ /dev/null 
@@ -1,9 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: control-centre-base -spec: - principal: - name: ccc - type: user - role: SystemAdmin diff --git a/kustomize/base/rolebindings/controlcenter/controlcentre-clusters.yaml b/kustomize/base/rolebindings/controlcenter/controlcentre-clusters.yaml deleted file mode 100644 index 600571f..0000000 --- a/kustomize/base/rolebindings/controlcenter/controlcentre-clusters.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: control-centre-cluster-registry -spec: - clustersScopeByIds: - schemaRegistryClusterId: schema-registry - principal: - name: ccc - type: user - role: SystemAdmin ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: control-centre-cluster-connect -spec: - clustersScopeByIds: - connectClusterId: confluent.connect - principal: - name: ccc - type: user - role: SystemAdmin ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: control-centre-cluster-ksqldb -spec: - clustersScopeByIds: - ksqlClusterId: ksqldb-cluster - principal: - name: ccc - type: user - role: SystemAdmin diff --git a/kustomize/base/rolebindings/controlcenter/kustomization.yaml b/kustomize/base/rolebindings/controlcenter/kustomization.yaml deleted file mode 100644 index 5b6c76f..0000000 --- a/kustomize/base/rolebindings/controlcenter/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: confluent -resources: - - controlcentre-base.yaml - - controlcentre-clusters.yaml \ No newline at end of file diff --git a/kustomize/base/rolebindings/ksqldb/ksqldb-base.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-base.yaml deleted file mode 100644 index bc777a6..0000000 --- a/kustomize/base/rolebindings/ksqldb/ksqldb-base.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: ksqldb-cluster-base -spec: - clustersScopeByIds: - ksqlClusterId: confluent.ksqldb_ - principal: - name: ksql - type: user - resourcePatterns: - - name: ksql-cluster - patternType: LITERAL - resourceType: KsqlCluster - role: ResourceOwner ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: ksqldb-cluster-resources-base -spec: - principal: - name: ksql - type: user - resourcePatterns: - - name: _confluent-ksql-confluent.ksqldb_ - patternType: PREFIXED - resourceType: Topic - role: ResourceOwner diff --git a/kustomize/base/rolebindings/ksqldb/ksqldb-cluster.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-cluster.yaml deleted file mode 100644 index ce34f3f..0000000 --- a/kustomize/base/rolebindings/ksqldb/ksqldb-cluster.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: ksqldb-cluster -spec: - clustersScopeByIds: - kafkaClusterId: qrGPK1LPTaa1s9d5D4V1rw - principal: - name: ksql - type: user - resourcePatterns: - - name: kafka-cluster - resourceType: Cluster - role: DeveloperWrite \ No newline at end of file diff --git a/kustomize/base/rolebindings/ksqldb/ksqldb-groups.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-groups.yaml deleted file mode 100644 index 04083cd..0000000 --- a/kustomize/base/rolebindings/ksqldb/ksqldb-groups.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: ksqldb-cluster-groups -spec: - principal: - name: ksql - type: user - resourcePatterns: - - name: _confluent-ksql-ksqldb-cluster - patternType: PREFIXED - resourceType: Group - role: ResourceOwner diff --git a/kustomize/base/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml deleted file mode 100644 index 63e70dc..0000000 
--- a/kustomize/base/rolebindings/ksqldb/ksqldb-ksqlcluster.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: ksqldb-cluster-ksqlcluster -spec: - clustersScopeByIds: - ksqlClusterId: confluent.ksqldb_ - principal: - name: ksql - type: user - resourcePatterns: - - name: ksql-cluster - patternType: LITERAL - resourceType: KsqlCluster - role: ResourceOwner ---- diff --git a/kustomize/base/rolebindings/ksqldb/ksqldb-topics.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-topics.yaml deleted file mode 100644 index 0ba6994..0000000 --- a/kustomize/base/rolebindings/ksqldb/ksqldb-topics.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: ksqldb-cluster-topics -spec: - principal: - name: ksql - type: user - resourcePatterns: - - name: _confluent-ksql-confluent.ksqldb_ - patternType: PREFIXED - resourceType: Topic - - name: _confluent-ksql-ksqldb-cluster_command_topic - patternType: PREFIXED - resourceType: Topic - - name: ksqldb-clusterksql_processing_log - patternType: PREFIXED - resourceType: Topic - role: ResourceOwner diff --git a/kustomize/base/rolebindings/ksqldb/ksqldb-transaction.yaml b/kustomize/base/rolebindings/ksqldb/ksqldb-transaction.yaml deleted file mode 100644 index 0e7910b..0000000 --- a/kustomize/base/rolebindings/ksqldb/ksqldb-transaction.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: ksqldb-cluster-transaction -spec: - principal: - name: ksql - type: user - resourcePatterns: - - name: ksqldb-cluster - patternType: PREFIXED - resourceType: TransactionalId - role: ResourceOwner diff --git a/kustomize/base/rolebindings/ksqldb/kustomization.yaml b/kustomize/base/rolebindings/ksqldb/kustomization.yaml deleted file mode 100644 index 3d026df..0000000 --- a/kustomize/base/rolebindings/ksqldb/kustomization.yaml +++ /dev/null 
@@ -1,10 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: confluent -resources: - - ksqldb-base.yaml - - ksqldb-cluster.yaml - - ksqldb-groups.yaml - - ksqldb-ksqlcluster.yaml - - ksqldb-topics.yaml - - ksqldb-transaction.yaml \ No newline at end of file diff --git a/kustomize/base/rolebindings/kustomization.yaml b/kustomize/base/rolebindings/kustomization.yaml deleted file mode 100644 index c00c807..0000000 --- a/kustomize/base/rolebindings/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: confluent -resources: - - ldap - - controlcenter - - connect - - ksqldb - - schemaregistry \ No newline at end of file diff --git a/kustomize/base/rolebindings/ldap/groups/kustomization.yaml b/kustomize/base/rolebindings/ldap/groups/kustomization.yaml deleted file mode 100644 index 3ced4b9..0000000 --- a/kustomize/base/rolebindings/ldap/groups/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: confluent -resources: - - ldap-groups.yaml \ No newline at end of file diff --git a/kustomize/base/rolebindings/ldap/groups/ldap-groups.yaml b/kustomize/base/rolebindings/ldap/groups/ldap-groups.yaml deleted file mode 100644 index 755ce6e..0000000 --- a/kustomize/base/rolebindings/ldap/groups/ldap-groups.yaml +++ /dev/null 
@@ -1,77 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: admin-groups-kafka-cluster-connect -spec: - clustersScopeByIds: - connectClusterId: confluent.connect - principal: - name: admins - type: group - resourcePatterns: - - name: "*" - resourceType: Connector - role: ResourceOwner ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: admin-groups-kafka-cluster-sr -spec: - clustersScopeByIds: - schemaRegistryClusterId: schema-registry - principal: - name: admins - type: group - role: SystemAdmin ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: admin-groups-kafka-cluster-ksql -spec: - clustersScopeByIds: - ksqlClusterId: ksqldb-cluster - principal: - name: admins - type: group - role: SystemAdmin ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: admin-group-topics -spec: - principal: - name: admins - type: group - resourcePatterns: - - name: "*" - resourceType: Topic - role: ResourceOwner ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: admin-group-groups -spec: - principal: - name: admins - type: group - resourcePatterns: - - name: "*" - resourceType: Group - role: ResourceOwner ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: admin-group-transactionalid -spec: - principal: - name: admins - type: group - resourcePatterns: - - name: "*" - resourceType: TransactionalId - role: ResourceOwner \ No newline at end of file diff --git a/kustomize/base/rolebindings/ldap/kustomization.yaml b/kustomize/base/rolebindings/ldap/kustomization.yaml deleted file mode 100644 index c860fd8..0000000 --- a/kustomize/base/rolebindings/ldap/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - groups - - users \ No newline at end of file 
diff --git a/kustomize/base/rolebindings/ldap/users/kustomization.yaml b/kustomize/base/rolebindings/ldap/users/kustomization.yaml deleted file mode 100644 index 63f5568..0000000 --- a/kustomize/base/rolebindings/ldap/users/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: confluent -resources: - - ldap-users.yaml \ No newline at end of file diff --git a/kustomize/base/rolebindings/ldap/users/ldap-users.yaml b/kustomize/base/rolebindings/ldap/users/ldap-users.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/kustomize/base/rolebindings/schemaregistry/kustomization.yaml b/kustomize/base/rolebindings/schemaregistry/kustomization.yaml deleted file mode 100644 index 9e63810..0000000 --- a/kustomize/base/rolebindings/schemaregistry/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: confluent -resources: - - schemaregistry-base.yaml - - schemaregistry-groups.yaml - - schemaregistry-topics.yaml \ No newline at end of file diff --git a/kustomize/base/rolebindings/schemaregistry/schemaregistry-base.yaml b/kustomize/base/rolebindings/schemaregistry/schemaregistry-base.yaml deleted file mode 100644 index 3a9eea6..0000000 --- a/kustomize/base/rolebindings/schemaregistry/schemaregistry-base.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: registry-base - namespace: confluent -spec: - clustersScopeByIds: - schemaRegistryClusterId: id_registry_confluent - principal: - name: registry - type: user - role: SecurityAdmin ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: registry-mds-client-resources-base - namespace: confluent -spec: - principal: - name: registry - type: user - resourcePatterns: - - name: _confluent-license - patternType: LITERAL - resourceType: Topic - - name: _schemas_schemaregistry_confluent - patternType: LITERAL - resourceType: Topic - - name: id_schemaregistry_confluent - patternType: LITERAL - resourceType: Group - role: ResourceOwner \ No newline at end of file diff --git a/kustomize/base/rolebindings/schemaregistry/schemaregistry-groups.yaml b/kustomize/base/rolebindings/schemaregistry/schemaregistry-groups.yaml deleted file mode 100644 index 1696c23..0000000 --- a/kustomize/base/rolebindings/schemaregistry/schemaregistry-groups.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: registry-groups - namespace: confluent -spec: - principal: - name: registry - type: user - resourcePatterns: - - name: id_schemaregistry_confluent - patternType: LITERAL - resourceType: Group - - name: schema-registry - patternType: LITERAL - resourceType: Group - role: ResourceOwner \ No newline at end of file diff --git a/kustomize/base/rolebindings/schemaregistry/schemaregistry-topics.yaml b/kustomize/base/rolebindings/schemaregistry/schemaregistry-topics.yaml deleted file mode 100644 index ab7d24b..0000000 --- a/kustomize/base/rolebindings/schemaregistry/schemaregistry-topics.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: ConfluentRolebinding -metadata: - name: registry-topics - namespace: confluent -spec: - principal: - name: registry - type: user - resourcePatterns: - - name: _schemas - patternType: LITERAL - resourceType: Topic - role: ResourceOwner \ No newline at end of file diff --git a/kustomize/base/secrets/c3-mds-client.yaml b/kustomize/base/secrets/c3-mds-client.yaml deleted file mode 100644 index d88f450..0000000 --- a/kustomize/base/secrets/c3-mds-client.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -data: - basic.txt: dXNlcm5hbWU9YzMKcGFzc3dvcmQ9YzMtc2VjcmV0Cg== - bearer.txt: dXNlcm5hbWU9YzMKcGFzc3dvcmQ9YzMtc2VjcmV0Cg== -kind: Secret -metadata: - creationTimestamp: null - name: c3-mds-client diff --git a/kustomize/base/secrets/ca-pair.yaml b/kustomize/base/secrets/ca-pair.yaml deleted file mode 100644 index f13fa06..0000000 --- a/kustomize/base/secrets/ca-pair.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -data: - tls.crt: 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 - tls.key: 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 -kind: Secret -metadata: - name: ca-pair-sslcerts -type: kubernetes.io/tls diff --git a/kustomize/base/secrets/confluent-license.yaml b/kustomize/base/secrets/confluent-license.yaml deleted file mode 100644 index 42d6e30..0000000 --- a/kustomize/base/secrets/confluent-license.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -data: - license.txt: 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 - publicKey.pem: 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 -kind: Secret -metadata: - name: confluent-operator-licensing diff --git a/kustomize/base/secrets/connect-mds-client.yaml b/kustomize/base/secrets/connect-mds-client.yaml deleted file mode 100644 index 19f5229..0000000 --- a/kustomize/base/secrets/connect-mds-client.yaml +++ /dev/null 
@@ -1,6 +0,0 @@ -apiVersion: v1 -data: - bearer.txt: dXNlcm5hbWU9Y29ubmVjdApwYXNzd29yZD1jb25uZWN0LXNlY3JldAo= -kind: Secret -metadata: - name: connect-mds-client diff --git a/kustomize/base/secrets/credential.yaml b/kustomize/base/secrets/credential.yaml deleted file mode 100644 index 053a4d6..0000000 --- a/kustomize/base/secrets/credential.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -data: - basic.txt: YzM6IGMzLXNlY3JldCxBZG1pbmlzdHJhdG9ycwphZG1pbjogRGV2ZWxvcGVyMSxBZG1pbmlzdHJhdG9ycwphZG1pbjE6IERldmVsb3BlcjEsQWRtaW5pc3RyYXRvcnMK - digest-users.json: ewogICJrYWZrYSI6ICJrYWZrYS1zZWNyZXQiCn0K - digest.txt: dXNlcm5hbWU9ImthZmthIgpwYXNzd29yZD0ia2Fma2Etc2VjcmV0Ig== - ldap.txt: dXNlcm5hbWU9Y249bWRzLGRjPXRlc3QsZGM9Y29tCnBhc3N3b3JkPURldmVsb3BlciEK - mdsPublicKey.pem: 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 - mdsTokenKeyPair.pem: 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 - plain-users.json: ewogICJrYWZrYV9jbGllbnQiOiAia2Fma2FfY2xpZW50LXNlY3JldCIsCiAgImMzIjogImMzLXNlY3JldCIsCiAgImthZmthIjogImthZmthLXNlY3JldCIKfQ== - plain.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== -kind: Secret -metadata: - creationTimestamp: null - name: credential diff --git a/kustomize/base/secrets/ksqldb-mds-client.yaml b/kustomize/base/secrets/ksqldb-mds-client.yaml deleted file mode 100644 index 6a053fc..0000000 --- a/kustomize/base/secrets/ksqldb-mds-client.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -data: - bearer.txt: dXNlcm5hbWU9a3NxbApwYXNzd29yZD1rc3FsLXNlY3JldAo= -kind: Secret -metadata: - creationTimestamp: null - name: ksqldb-mds-client diff --git a/kustomize/base/secrets/kustomization.yaml b/kustomize/base/secrets/kustomization.yaml deleted file mode 100644 index 5f21d00..0000000 --- a/kustomize/base/secrets/kustomization.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ca-pair.yaml - - c3-mds-client.yaml - - confluent-license.yaml - - connect-mds-client.yaml - - credential.yaml - - ksqldb-mds-client.yaml - - mds-client.yaml - - mds-token.yaml - - rest-credential.yaml - - sr-mds-client.yaml \ No newline at end of file diff --git a/kustomize/base/secrets/mds-client.yaml b/kustomize/base/secrets/mds-client.yaml deleted file mode 100644 index 24de26d..0000000 --- a/kustomize/base/secrets/mds-client.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -data: - bearer.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== -kind: Secret -metadata: - creationTimestamp: null - name: mds-client diff --git a/kustomize/base/secrets/mds-token.yaml b/kustomize/base/secrets/mds-token.yaml deleted file mode 100644 index ae87e43..0000000 --- a/kustomize/base/secrets/mds-token.yaml +++ /dev/null 
@@ -1,8 +0,0 @@ -apiVersion: v1 -data: - mdsPublicKey.pem: 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 - mdsTokenKeyPair.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBd015am5QNHFmZFRLaENTNXNQYlZxaVhWeVExNXdyZVZBc0VxRXNuTUZ0Mkp0TUwxCjNFTE9RMnN6V241N1d6dTc4MmJ5RXRZRmxGM1RvVlczY2w0ZE9KUnphU0VRNnhlMTBSL2k3VG5lSXRFUWZwSnIKLzJMNGJ1YnVRUkdOZS9LckxNRTBpdnI5dTRJRWJiUlMrbHR1NkE5Z2d6R2NhRFN4Vi9leUtNTlBhZEhRL0FONApCWmlqQWVLWmNEVGp6NmJIako2RVEzWU5ncXluODQ2cmVRazlUb0habDhiR0hPaHo1Qzd5b0lmc3haZ1lIbG54CjZKR3NpVVo1UDM2V0djMzhaSUIvbTQ1bzhjdjRpZlVWUFVCMElRUTlBaFlJNVp1TXJ4RHNSUERYMkdHNkU1YlcKMnZxRFd5cVhPWTdjU29JN0Fpa0Zkd0FUVzRSdjdldUVKVXl6TndJREFRQUJBb0lCQVFDS3pJaFpoSTE0cTFIawprai93eTdNRTNGb3RkUHNjbUdlNVpQRHlONzhyRXZDSlp2WHpUVkVMTGtqNU5DZUFoZCtJbXF0WnJpUzBMRndvClFQcGhacW5veXM3UGQ1T2pmQjFUNFgzUVJTSEx0UEVIL2tlcncwZVJKOFdNcUtOUUFXTUVSRStjWXBkNmYxN0sKejlBUkZ2UWdNcm5MbVZLOW5ubXlGOHQyRnkyN3dxVVZCbVlYWC9tK25lLysyUzRQTzhac1BkM3dZMlk5UjhMVgp1ZmJIQytIMkV4QThuRTR6dGVmZzl6UHluMXdNaS9HTVVnMVdpQ1QzQjJ1M0Nac1dhWkp6Vkl0VDZ0N3FuQVpKClh6a2dOcElIbjltV3V3aDhreGdNZDZzeERSQU9ENWlQZDZhOWkwb0xTYVMzLzBMRGV6VUxDMFZoVFB5M0cyb1IKQTBBSmVPblJBb0dCQVBWMXV6MXBQSkF0ZW1yOHdMaUtoUU9lOGpBc3h0blN6VjhGcWQxMXFKWWduaWh3YWkrWQprNDRoT0ovMDIvNnd5cTQ5RmhNR21reUZXdjVkVURFUkdWN01jWFA2YkVmWTVjMVArUGRSVUFtNUg1bmVmMzd6Ck5SOWY3b2lmVjNqKzQ5dXkyVmZVUUNyL2grVCt5d3pBb2MwaVp5WUdhSTF3aktYUXIzKzFvNTV2QW9HQkFNa1UKQnEySWFJRHdvbUJnUUNLUWpDeS9BTmpRMzJ5TUFHSGYvbUUzMlJURnB1NVNaRUxlOXlyR1FyM3hIRnRROWFRTApWdjVQMDl3WmZiNElPZHAvM3d3SE1xRmpOak5kRzhzdzdSeU5TK3dmUUd1OHYxR2ZZc3N1QnVYaTl2MFhHWEZICldlbk5RRVVQYmliUmJvY0o5Mk9KVEpLNFAvczV2djEzMkhEUi9wdTVBb0dCQUorWThTbTQ1endIbGZWQ2FqeVQKTkhGcVE2YTNOb1FpNEkzTUxPcGx1andDOFZMeDVOa1ZwN3RlTm1jcTJtLzdtNDAzQXNkVUg3ZHBiZ1M5djRwbgp4OHN2dXdUaDZzMjhaWTdkVk0vWit1U1hqY2lLTnZQZ1JzWWpwZ0VIT2VUZU5tRi9KSHBLODM0QnIrWmhGTDB4Cjh3SmlRQmNsUzQzTGhHZThES0JKQmgzWkFvR0FONWJIdWRYS1BrdElPS2lqVW1ydnRiY2dQdENQMCt4b2RxWjgKSnRoUHRVUm5QOStiUkRscnozRjhKaEt3S2phWmtqNW9VR28xUWRYeVEwVDI2WWNNWE1Eb3FHRkxMS3dDOFF1WApv
WnNXY0RLN2xvMVp2dkQzV1FCaWU4OWhSTnJMOTlzbjZsRUtBWTJnZ0M3S0JaOGx1MmpMdUl3amRBcWsyR0gzCmZra3Z3RkVDZ1lBeVhqNXo2Q09QSURKMUUxVkxySml3MVlCWGFhN1pMazVFcHczUXZDTTdoVEtTRmJ1U053c3AKRXVMbU03Zzh3TVBaQWJ6cy9SUU9hZjlJaEUveDUzZE8ySW1rNVBBUmFvRXNTRmpORDRkcFZIYUtlbTJjQm9tdAp4NXEwU3FVVnE2eHY0MjIxM2dsQlFNREo0cVFYVHJzRUJkcE55bnY3b1ZlWFh3Y2FPVFVhQnc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ== -kind: Secret -metadata: - creationTimestamp: null - name: mds-token diff --git a/kustomize/base/secrets/rest-credential.yaml b/kustomize/base/secrets/rest-credential.yaml deleted file mode 100644 index f7901ac..0000000 --- a/kustomize/base/secrets/rest-credential.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -data: - basic.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== - bearer.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== - plain.txt: dXNlcm5hbWU9a2Fma2EKcGFzc3dvcmQ9a2Fma2Etc2VjcmV0Cg== -kind: Secret -metadata: - creationTimestamp: null - name: rest-credential diff --git a/kustomize/base/secrets/sr-mds-client.yaml b/kustomize/base/secrets/sr-mds-client.yaml deleted file mode 100644 index fb57182..0000000 --- a/kustomize/base/secrets/sr-mds-client.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -data: - bearer.txt: dXNlcm5hbWU9c3IKcGFzc3dvcmQ9c3Itc2VjcmV0Cg== -kind: Secret -metadata: - creationTimestamp: null - name: sr-mds-client diff --git a/kustomize/base/topics/example-topic.yaml b/kustomize/base/topics/example-topic.yaml deleted file mode 100644 index 6e62221..0000000 --- a/kustomize/base/topics/example-topic.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: KafkaTopic -metadata: - name: foobar -spec: - replicas: 1 - partitionCount: 6 diff --git a/kustomize/base/topics/kustomization.yaml b/kustomize/base/topics/kustomization.yaml deleted file mode 100644 index dc31c2e..0000000 --- a/kustomize/base/topics/kustomization.yaml +++ /dev/null 
@@ -1,4 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - example-topic.yaml diff --git a/kustomize/environments/dev/control-centre.yaml b/kustomize/environments/dev/control-centre.yaml deleted file mode 100644 index 0fbd39b..0000000 --- a/kustomize/environments/dev/control-centre.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ControlCenter -metadata: - name: controlcenter -spec: - dependencies: - kafka: - bootstrapEndpoint: kafka.dev.svc.cluster.local:9071 - mds: - endpoint: https://kafka.dev.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/dev/kafka-connect.yaml b/kustomize/environments/dev/kafka-connect.yaml deleted file mode 100644 index ed69f20..0000000 --- a/kustomize/environments/dev/kafka-connect.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: Connect -metadata: - name: connect -spec: - dependencies: - kafka: - bootstrapEndpoint: kafka.dev.svc.cluster.local:9071 - mds: - endpoint: https://kafka.dev.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/dev/kafka.yaml b/kustomize/environments/dev/kafka.yaml deleted file mode 100644 index 5179afb..0000000 --- a/kustomize/environments/dev/kafka.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: Kafka -metadata: - name: kafka -spec: - dependencies: - zookeeper: - endpoint: zookeeper.dev.svc.cluster.local:2182 - metricReporter: - bootstrapEndpoint: kafka.dev.svc.cluster.local:9071 diff --git a/kustomize/environments/dev/ksqldb.yaml b/kustomize/environments/dev/ksqldb.yaml deleted file mode 100644 index 87ed05d..0000000 --- a/kustomize/environments/dev/ksqldb.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: KsqlDB -metadata: - name: ksqldb -spec: - dependencies: - kafka: - bootstrapEndpoint: kafka.dev.svc.cluster.local:9071 - mds: - endpoint: https://kafka.dev.svc.cluster.local:8090 diff --git a/kustomize/environments/dev/kustomization.yaml b/kustomize/environments/dev/kustomization.yaml deleted file mode 100644 index 370dc91..0000000 --- a/kustomize/environments/dev/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ -namespace: dev -resources: -- ../../base -patchesStrategicMerge: - - control-centre.yaml - - kafka.yaml - - kafka-connect.yaml - - ksqldb.yaml - - schema-registry.yaml \ No newline at end of file diff --git a/kustomize/environments/dev/schema-registry.yaml b/kustomize/environments/dev/schema-registry.yaml deleted file mode 100644 index 38942b2..0000000 --- a/kustomize/environments/dev/schema-registry.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: SchemaRegistry -metadata: - name: registry -spec: - dependencies: - kafka: - bootstrapEndpoint: kafka.dev.svc.cluster.local:9071 - mds: - endpoint: https://kafka.dev.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/kustomization.yaml b/kustomize/environments/kustomization.yaml index f847377..481ee6d 100644 --- a/kustomize/environments/kustomization.yaml +++ b/kustomize/environments/kustomization.yaml @@ -1,3 +1,2 @@ resources: -- dev -- production +- sandbox diff --git a/kustomize/environments/production/control-centre.yaml b/kustomize/environments/production/control-centre.yaml deleted file mode 100644 index 9a3a67e..0000000 --- a/kustomize/environments/production/control-centre.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: ControlCenter -metadata: - name: controlcenter -spec: - tls: - secretRef: tls-group1 - dependencies: - kafka: - bootstrapEndpoint: kafka.production.svc.cluster.local:9071 - mds: - endpoint: https://kafka.production.svc.cluster.local:8090 - connect: - - name: connect - url: https://connect.production.svc.cluster.local:8083 - ksqldb: - - name: ksqldb - url: https://ksqldb.production.svc.cluster.local:8088 - schemaRegistry: - url: https://registry.production.svc.cluster.local:8081 diff --git a/kustomize/environments/production/example-topic.yaml b/kustomize/environments/production/example-topic.yaml deleted file mode 100644 index e7460c7..0000000 --- a/kustomize/environments/production/example-topic.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: platform.confluent.io/v1beta1 -kind: KafkaTopic -metadata: - name: foobar -spec: - kafkaClusterRef: - name: kafka - namespace: production - kafkaRest: - authentication: - type: bearer - bearer: - secretRef: mds-client - endpoint: https://kafka.production.svc.cluster.local:8090 diff --git a/kustomize/environments/production/kafka-connect.yaml b/kustomize/environments/production/kafka-connect.yaml deleted file mode 100644 index 40bc5ac..0000000 --- a/kustomize/environments/production/kafka-connect.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: Connect -metadata: - name: connect -spec: - tls: - secretRef: tls-group1 - dependencies: - kafka: - bootstrapEndpoint: kafka.production.svc.cluster.local:9071 - mds: - endpoint: https://kafka.production.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/production/kafka.yaml b/kustomize/environments/production/kafka.yaml deleted file mode 100644 index 94684b0..0000000 --- a/kustomize/environments/production/kafka.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: Kafka -metadata: - name: kafka -spec: - tls: - secretRef: tls-group1 - dependencies: - zookeeper: - endpoint: zookeeper.production.svc.cluster.local:2182 - metricReporter: - bootstrapEndpoint: kafka.production.svc.cluster.local:9071 diff --git a/kustomize/environments/production/ksqldb.yaml b/kustomize/environments/production/ksqldb.yaml deleted file mode 100644 index d80f4cb..0000000 --- a/kustomize/environments/production/ksqldb.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: KsqlDB -metadata: - name: ksqldb -spec: - tls: - secretRef: tls-group1 - dependencies: - kafka: - bootstrapEndpoint: kafka.production.svc.cluster.local:9071 - mds: - endpoint: https://kafka.production.svc.cluster.local:8090 diff --git a/kustomize/environments/production/schema-registry.yaml b/kustomize/environments/production/schema-registry.yaml deleted file mode 100644 index afea6b4..0000000 --- a/kustomize/environments/production/schema-registry.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -apiVersion: platform.confluent.io/v1beta1 -kind: SchemaRegistry -metadata: - name: registry -spec: - tls: - secretRef: tls-group1 - configOverrides: - server: - - confluent.schema.registry.anonymous.principal=true - - authentication.skip.paths=/* - dependencies: - kafka: - bootstrapEndpoint: kafka.production.svc.cluster.local:9071 - mds: - endpoint: https://kafka.production.svc.cluster.local:8090 \ No newline at end of file diff --git a/kustomize/environments/sandbox/control-centre.yaml b/kustomize/environments/sandbox/control-centre.yaml new file mode 100644 index 0000000..4187286 --- /dev/null +++ b/kustomize/environments/sandbox/control-centre.yaml 
@@ -0,0 +1,27 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: ControlCenter +metadata: + name: controlcenter +spec: + tls: + autoGeneratedCerts: true + dependencies: + kafka: + bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 + tls: + enabled: true + connect: + - name: connect + url: https://connect.sandbox.svc.cluster.local:8083 + tls: + enabled: true + ksqldb: + - name: ksqldb + url: https://ksqldb.sandbox.svc.cluster.local:8088 + tls: + enabled: true + schemaRegistry: + url: https://schemaregistry.sandbox.svc.cluster.local:8081 + tls: + enabled: true diff --git a/kustomize/environments/sandbox/kafka-connect.yaml b/kustomize/environments/sandbox/kafka-connect.yaml new file mode 100644 index 0000000..5c32954 --- /dev/null +++ b/kustomize/environments/sandbox/kafka-connect.yaml @@ -0,0 +1,12 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: Connect +metadata: + name: connect +spec: + tls: + autoGeneratedCerts: true + dependencies: + kafka: + bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 + tls: + enabled: true diff --git a/kustomize/environments/sandbox/kafka.yaml b/kustomize/environments/sandbox/kafka.yaml new file mode 100644 index 0000000..ed1c269 --- /dev/null +++ b/kustomize/environments/sandbox/kafka.yaml @@ -0,0 +1,23 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: Kafka +metadata: + name: kafka +spec: +# replicas: 4 + configOverrides: + server: + - confluent.schema.registry.url=https://schemaregistry.sandbox.svc.cluster.local:8081 + tls: + autoGeneratedCerts: true + listeners: + internal: + tls: + enabled: true + external: + tls: + enabled: true + dependencies: + zookeeper: + endpoint: zookeeper.sandbox.svc.cluster.local:2182 + tls: + enabled: true diff --git a/kustomize/environments/sandbox/ksqldb.yaml b/kustomize/environments/sandbox/ksqldb.yaml new file mode 100644 index 0000000..940dca4 --- /dev/null +++ b/kustomize/environments/sandbox/ksqldb.yaml 
@@ -0,0 +1,13 @@ +--- +apiVersion: platform.confluent.io/v1beta1 +kind: KsqlDB +metadata: + name: ksqldb +spec: + tls: + autoGeneratedCerts: true + dependencies: + kafka: + bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 + tls: + enabled: true diff --git a/kustomize/environments/production/kustomization.yaml b/kustomize/environments/sandbox/kustomization.yaml similarity index 76% rename from kustomize/environments/production/kustomization.yaml rename to kustomize/environments/sandbox/kustomization.yaml index c91af77..051ba2a 100644 --- a/kustomize/environments/production/kustomization.yaml +++ b/kustomize/environments/sandbox/kustomization.yaml @@ -1,4 +1,4 @@ -namespace: production +namespace: sandbox resources: - ../../base patchesStrategicMerge: @@ -7,4 +7,4 @@ patchesStrategicMerge: - kafka-connect.yaml - ksqldb.yaml - schema-registry.yaml - - example-topic.yaml + - zookeeper.yaml \ No newline at end of file diff --git a/kustomize/environments/sandbox/schema-registry.yaml b/kustomize/environments/sandbox/schema-registry.yaml new file mode 100644 index 0000000..f98f5b6 --- /dev/null +++ b/kustomize/environments/sandbox/schema-registry.yaml @@ -0,0 +1,12 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: SchemaRegistry +metadata: + name: schemaregistry +spec: + tls: + autoGeneratedCerts: true + dependencies: + kafka: + bootstrapEndpoint: kafka.sandbox.svc.cluster.local:9071 + tls: + enabled: true diff --git a/kustomize/environments/sandbox/zookeeper.yaml b/kustomize/environments/sandbox/zookeeper.yaml new file mode 100644 index 0000000..fbf0fb4 --- /dev/null +++ b/kustomize/environments/sandbox/zookeeper.yaml @@ -0,0 +1,7 @@ +apiVersion: platform.confluent.io/v1beta1 +kind: Zookeeper +metadata: + name: zookeeper +spec: + tls: + autoGeneratedCerts: true \ No newline at end of file 
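Review bot: kustomize/environments/sandbox/schema-registry.yaml patches a SchemaRegistry named `schemaregistry`, while the dev and production patches removed in this same commit targeted `registry`, and the file is still listed under `patchesStrategicMerge`. A strategic-merge patch only applies to a base resource of the same kind and name, so confirm that the resource in `../../base` was renamed to match; the new `zookeeper.yaml` entry likewise needs a Zookeeper named `zookeeper` in the base. Separately, drop or explain the commented-out `# replicas: 4` in sandbox/kafka.yaml. Every component now sets `autoGeneratedCerts: true` where production referenced `secretRef: tls-group1`; the commit message should say that this is a sandbox-only choice.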
diff --git a/kustomize/infrastructure/confluent-operator-credentials.yaml b/kustomize/infrastructure/confluent-operator-credentials.yaml deleted file mode 100644 index c366c6e..0000000 --- a/kustomize/infrastructure/confluent-operator-credentials.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: source.toolkit.fluxcd.io/v1beta1 -kind: HelmRepository -metadata: - name: confluent-private - namespace: flux-system -spec: - url: https://packages.confluent.io/helm - interval: 1m diff --git a/kustomize/infrastructure/confluent-operator-helm-release-confluent.yaml b/kustomize/infrastructure/confluent-operator-helm-release-confluent.yaml deleted file mode 100644 index 6d2989f..0000000 --- a/kustomize/infrastructure/confluent-operator-helm-release-confluent.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: confluent - namespace: confluent -spec: - interval: 1m - chart: - spec: - chart: confluent-for-kubernetes - sourceRef: - kind: HelmRepository - name: confluent-private - namespace: flux-system - values: - image: - registry: docker.io - rbac: true - name: confluent-operator-global \ No newline at end of file diff --git a/kustomize/infrastructure/confluent-operator-helm-release-dev.yaml b/kustomize/infrastructure/confluent-operator-helm-release-dev.yaml deleted file mode 100644 index de8b74f..0000000 --- a/kustomize/infrastructure/confluent-operator-helm-release-dev.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: confluent - namespace: dev -spec: - interval: 1m - chart: - spec: - chart: confluent-for-kubernetes - sourceRef: - kind: HelmRepository - name: confluent-private - namespace: flux-system - values: - image: - registry: docker.io \ No newline at end of file diff --git a/kustomize/infrastructure/kustomization.yaml b/kustomize/infrastructure/kustomization.yaml deleted file mode 100644 index ffd02fd..0000000 
--- a/kustomize/infrastructure/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - namespaces.yaml - - proxy.yaml - - ldap.yaml -# - confluent-operator-credentials.yaml -# - confluent-operator-helm-release-dev.yaml -# - confluent-operator-helm-release-production.yaml -# - confluent-operator-helm-release-confluent.yaml \ No newline at end of file diff --git a/kustomize/infrastructure/ldap.yaml b/kustomize/infrastructure/ldap.yaml deleted file mode 100644 index b9b9485..0000000 --- a/kustomize/infrastructure/ldap.yaml +++ /dev/null 
@@ -1,149 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: ldap - namespace: tools - labels: - role: ldap - app: ldap -spec: - containers: - - name: ldap - args: - - --copy-service - - --loglevel=debug - image: osixia/openldap:1.4.0 - ports: - - name: ldap - containerPort: 389 - - name: ldaps - containerPort: 636 - livenessProbe: - tcpSocket: - port: 389 - initialDelaySeconds: 15 - periodSeconds: 20 - env: - - name: LDAP_ORGANISATION - value: "Test Inc" - - name: LDAP_DOMAIN - value: "test.com" - - name: LDAP_BASE_DN - value: "dc=test,dc=com" - - name: LDAP_ADMIN_PASSWORD - value: "confluentrox" - - name: LDAP_CONFIG_PASSWORD - value: "confluentconfigrox" - - name: KEEP_EXISTING_CONFIG - value: "False" - - name: LDAP_REMOVE_CONFIG_AFTER_SETUP - value: "True" - - name: LDAP_READONLY_USER - value: "True" - - name: LDAP_READONLY_USER_USERNAME - value: "mds" - - name: LDAP_READONLY_USER_PASSWORD - value: "Developer!" - - name: LDAP_TLS - value: "False" - volumeMounts: - - mountPath: /container/service/slapd/assets/config/bootstrap/ldif/custom - name: customldif - - mountPath: /var/lib/ldap - name: ldap-data - - mountPath: /etc/ldap/slapd.d - name: ldap-config - volumes: - - name: customldif - configMap: - defaultMode: 420 - name: ldap-ldifs - - name: ldap-data - emptyDir: {} - - name: ldap-config - emptyDir: {} - - restartPolicy: Always ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: ldap-ldifs - namespace: tools -data: - kafka.ldif: |- - dn: cn=kafka,dc=test,dc=com - userPassword: kafka-secret - description: kafka user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: kafka - erp.ldif: |- - dn: cn=erp,dc=test,dc=com - userPassword: erp-secret - description: erp user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: erp - sr.ldif: |- - dn: cn=sr,dc=test,dc=com - userPassword: sr-secret - description: schema registry user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: sr - 
c3.ldif: |- - dn: cn=c3,dc=test,dc=com - userPassword: c3-secret - description: control center user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: c3 - ksql.ldif: |- - dn: cn=ksql,dc=test,dc=com - userPassword: ksql-secret - description: ksql user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: ksql - connect.ldif: |- - dn: cn=connect,dc=test,dc=com - userPassword: connect-secret - description: connect user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: connect - replicator.ldif: |- - dn: cn=replicator,dc=test,dc=com - userPassword: replicator-secret - description: replicator user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: replicator - c3-test.ldif: |- - dn: cn=testadmin,dc=test,dc=com - userPassword: testadmin - description: testadmin user - objectClass: simpleSecurityObject - objectClass: organizationalRole - cn: testadmin ---- -apiVersion: v1 -kind: Service -metadata: - name: ldap - labels: - app: ldap - namespace: tools -spec: - ports: - - port: 389 - name: ldap - - port: 636 - name: ldaps - clusterIP: None - selector: - app: ldap - - - diff --git a/kustomize/infrastructure/namespaces.yaml b/kustomize/infrastructure/namespaces.yaml deleted file mode 100644 index b2edc54..0000000 --- a/kustomize/infrastructure/namespaces.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: tools ---- -apiVersion: v1 -kind: Namespace -metadata: - name: dev ---- -apiVersion: v1 -kind: Namespace -metadata: - name: staging ---- -apiVersion: v1 -kind: Namespace -metadata: - name: production ---- -apiVersion: v1 -kind: Namespace -metadata: - name: confluent \ No newline at end of file diff --git a/kustomize/infrastructure/proxy.yaml b/kustomize/infrastructure/proxy.yaml deleted file mode 100644 index 5f39f80..0000000 --- a/kustomize/infrastructure/proxy.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: proxy - namespace: tools - labels: - role: proxy -spec: - containers: - - name: proxy - image: serjs/go-socks5-proxy - ports: - - name: web - containerPort: 9100 - protocol: TCP - env: - - name: PROXY_PORT - value: "9100" \ No newline at end of file diff --git a/kustomize/infrastructure/confluent-operator-helm-release-production.yaml b/kustomize/operator/confluent-operator-helm-release-confluent.yaml similarity index 57% rename from kustomize/infrastructure/confluent-operator-helm-release-production.yaml rename to kustomize/operator/confluent-operator-helm-release-confluent.yaml index 3f16b0c..b4216b9 100644 --- a/kustomize/infrastructure/confluent-operator-helm-release-production.yaml +++ b/kustomize/operator/confluent-operator-helm-release-confluent.yaml @@ -1,21 +1,27 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: HelmRepository +metadata: + name: confluentinc + namespace: flux-system +spec: + url: https://packages.confluent.io/helm + interval: 1m +--- apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease metadata: name: confluent - namespace: production + namespace: sandbox spec: interval: 1m chart: spec: chart: confluent-for-kubernetes sourceRef: + name: confluentinc kind: HelmRepository - name: confluent-private namespace: flux-system values: image: registry: docker.io name: confluent-operator-global - rbac: true - namespaced: true - namespaceList: ["dev", "production", "confluent"] diff --git a/kustomize/base/operator/kustomization.yaml b/kustomize/operator/kustomization.yaml similarity index 51% rename from kustomize/base/operator/kustomization.yaml rename to kustomize/operator/kustomization.yaml index ffceabe..2b7b859 100644 --- a/kustomize/base/operator/kustomization.yaml +++ b/kustomize/operator/kustomization.yaml 
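Review bot: the HelmRelease in kustomize/operator/confluent-operator-helm-release-confluent.yaml has no `version` under `chart.spec`, so with `interval: 1m` on both the HelmRepository and the release, the operator chart version that gets installed is not fixed by anything in this repository. Add a `version` (an exact version or a semver range) so that operator upgrades arrive through a reviewed commit. The values also drop `rbac: true`, `namespaced: true` and `namespaceList` while keeping `name: confluent-operator-global`, which leaves the operator's scope to the chart defaults; state the intended scope for the `sandbox` namespace explicitly.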
@@ -1,5 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - crds - - resources \ No newline at end of file + - confluent-operator-helm-release-confluent.yaml + - namespaces.yaml \ No newline at end of file diff --git a/kustomize/operator/namespaces.yaml b/kustomize/operator/namespaces.yaml new file mode 100644 index 0000000..723893d --- /dev/null +++ b/kustomize/operator/namespaces.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: sandbox +--- +apiVersion: v1 +kind: Namespace +metadata: + name: confluent \ No newline at end of file diff --git a/resources/application-secrets/README.md b/resources/application-secrets/README.md deleted file mode 100644 index a5a8d30..0000000 --- a/resources/application-secrets/README.md +++ /dev/null @@ -1,2 +0,0 @@ -### Application Secrets -The script populate_secrets.sh \ No newline at end of file diff --git a/resources/application-secrets/certs/mds-publickey.txt b/resources/application-secrets/certs/mds-publickey.txt deleted file mode 100644 index fadcb74..0000000 --- a/resources/application-secrets/certs/mds-publickey.txt +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMyjnP4qfdTKhCS5sPbV -qiXVyQ15wreVAsEqEsnMFt2JtML13ELOQ2szWn57Wzu782byEtYFlF3ToVW3cl4d -OJRzaSEQ6xe10R/i7TneItEQfpJr/2L4bubuQRGNe/KrLME0ivr9u4IEbbRS+ltu -6A9ggzGcaDSxV/eyKMNPadHQ/AN4BZijAeKZcDTjz6bHjJ6EQ3YNgqyn846reQk9 -ToHZl8bGHOhz5C7yoIfsxZgYHlnx6JGsiUZ5P36WGc38ZIB/m45o8cv4ifUVPUB0 -IQQ9AhYI5ZuMrxDsRPDX2GG6E5bW2vqDWyqXOY7cSoI7AikFdwATW4Rv7euEJUyz -NwIDAQAB ------END PUBLIC KEY----- \ No newline at end of file diff --git a/resources/application-secrets/certs/mds-tokenkeypair.txt b/resources/application-secrets/certs/mds-tokenkeypair.txt deleted file mode 100644 index 5e4c415..0000000 --- a/resources/application-secrets/certs/mds-tokenkeypair.txt +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAwMyjnP4qfdTKhCS5sPbVqiXVyQ15wreVAsEqEsnMFt2JtML1 -3ELOQ2szWn57Wzu782byEtYFlF3ToVW3cl4dOJRzaSEQ6xe10R/i7TneItEQfpJr -/2L4bubuQRGNe/KrLME0ivr9u4IEbbRS+ltu6A9ggzGcaDSxV/eyKMNPadHQ/AN4 -BZijAeKZcDTjz6bHjJ6EQ3YNgqyn846reQk9ToHZl8bGHOhz5C7yoIfsxZgYHlnx -6JGsiUZ5P36WGc38ZIB/m45o8cv4ifUVPUB0IQQ9AhYI5ZuMrxDsRPDX2GG6E5bW -2vqDWyqXOY7cSoI7AikFdwATW4Rv7euEJUyzNwIDAQABAoIBAQCKzIhZhI14q1Hk -kj/wy7ME3FotdPscmGe5ZPDyN78rEvCJZvXzTVELLkj5NCeAhd+ImqtZriS0LFwo -QPphZqnoys7Pd5OjfB1T4X3QRSHLtPEH/kerw0eRJ8WMqKNQAWMERE+cYpd6f17K -z9ARFvQgMrnLmVK9nnmyF8t2Fy27wqUVBmYXX/m+ne/+2S4PO8ZsPd3wY2Y9R8LV -ufbHC+H2ExA8nE4ztefg9zPyn1wMi/GMUg1WiCT3B2u3CZsWaZJzVItT6t7qnAZJ -XzkgNpIHn9mWuwh8kxgMd6sxDRAOD5iPd6a9i0oLSaS3/0LDezULC0VhTPy3G2oR -A0AJeOnRAoGBAPV1uz1pPJAtemr8wLiKhQOe8jAsxtnSzV8Fqd11qJYgnihwai+Y -k44hOJ/02/6wyq49FhMGmkyFWv5dUDERGV7McXP6bEfY5c1P+PdRUAm5H5nef37z -NR9f7oifV3j+49uy2VfUQCr/h+T+ywzAoc0iZyYGaI1wjKXQr3+1o55vAoGBAMkU -Bq2IaIDwomBgQCKQjCy/ANjQ32yMAGHf/mE32RTFpu5SZELe9yrGQr3xHFtQ9aQL -Vv5P09wZfb4IOdp/3wwHMqFjNjNdG8sw7RyNS+wfQGu8v1GfYssuBuXi9v0XGXFH -WenNQEUPbibRbocJ92OJTJK4P/s5vv132HDR/pu5AoGBAJ+Y8Sm45zwHlfVCajyT -NHFqQ6a3NoQi4I3MLOplujwC8VLx5NkVp7teNmcq2m/7m403AsdUH7dpbgS9v4pn -x8svuwTh6s28ZY7dVM/Z+uSXjciKNvPgRsYjpgEHOeTeNmF/JHpK834Br+ZhFL0x -8wJiQBclS43LhGe8DKBJBh3ZAoGAN5bHudXKPktIOKijUmrvtbcgPtCP0+xodqZ8 -JthPtURnP9+bRDlrz3F8JhKwKjaZkj5oUGo1QdXyQ0T26YcMXMDoqGFLLKwC8QuX -oZsWcDK7lo1ZvvD3WQBie89hRNrL99sn6lEKAY2ggC7KBZ8lu2jLuIwjdAqk2GH3 -fkkvwFECgYAyXj5z6COPIDJ1E1VLrJiw1YBXaa7ZLk5Epw3QvCM7hTKSFbuSNwsp -EuLmM7g8wMPZAbzs/RQOaf9IhE/x53dO2Imk5PARaoEsSFjND4dpVHaKem2cBomt -x5q0SqUVq6xv42213glBQMDJ4qQXTrsEBdpNynv7oVeXXwcaOTUaBw== ------END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/resources/application-secrets/licensing/license-key.txt b/resources/application-secrets/licensing/license-key.txt deleted file mode 100644 index 122a234..0000000 
--- a/resources/application-secrets/licensing/license-key.txt +++ /dev/null @@ -1 +0,0 @@ -eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJvcGVyYXRvci10cmlhbCIsImV4cCI6MTYyNDQ0MzUzNSwiaWF0IjoxNjIxODUxNTM1LCJpc3MiOiJDb25mbHVlbnQiLCJzdWIiOiJjb250cm9sLWNlbnRlciJ9.kjMg_0JoA9xjnmCQqgyVADoFhyY66IJQfe3kmOL1rX2tIfrMWcGAzOyiuWayVV2CkB0M7OLYKuWrUtv7Du9G6X2gGCmwHUE7cyn0wIqfoNnYjNpFVIMjFz6PTL2hldYLBR1owisGB82D-e5NxwO76Dnvmswl50HW7nradYv2q9y5s5ALAYpMUotFciQwznTcZlGowf8I8PgN9IT_JyjPzO2JpDbc0mhrjZSNdpmySr3pTen6WhleAE4CuIwASBaaurkrFTkSe1MDVRQfxKT0jWFIv1A_jy-ZJGIrDVCz3d_xQ69H1_dmh3FKkUwDlNkvEa6wjip9T5QhGSnrMyH-Hw \ No newline at end of file diff --git a/resources/application-secrets/licensing/license-pem.txt b/resources/application-secrets/licensing/license-pem.txt deleted file mode 100644 index bdd4a81..0000000 --- a/resources/application-secrets/licensing/license-pem.txt +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvaGy8TOdbCMySM7zqZsx -n62yuE+BhIPlc9z9ctrX+tBWNCCJePZbKHTZS9uKLeKUi9u07ts/35XRnE4ATD6q -lwjnSoJOkeIXcYiJ+XGExN1oRE8Rl5otvdmJEsb9Y6Jsfe2lRCCsZNx6k1s1NmQF -R4wnRiKylIiYJ9uWUGfH18JKZqM8z9QqkZ/+zQkzHNYsXn/YyRuDIQXeUSechr93 -Jjt79AikskicoT04lqz/GaHz2WJEyuvLLE1jNBOComKl05Qb+yvJmGnt/7HX6HT7 -3hnCXbslwtzp0CmeGOiJRbJxbahkTFqh1oKqZXUDCZrKCNNRvXqN/QHqnawo6kJy -8wIDAQAB ------END PUBLIC KEY----- \ No newline at end of file diff --git a/resources/application-secrets/populate_secrets.sh b/resources/application-secrets/populate_secrets.sh deleted file mode 100755 index 3992946..0000000 --- a/resources/application-secrets/populate_secrets.sh +++ /dev/null 
@@ -1,50 +0,0 @@ -#!/bin/bash -kubectl create secret generic credential \ ---from-file=plain-users.json=./users/creds-kafka-sasl-users.json \ ---from-file=digest-users.json=./users/creds-zookeeper-sasl-digest-users.json \ ---from-file=digest.txt=./users/creds-kafka-zookeeper-credentials.txt \ ---from-file=plain.txt=./users/creds-client-kafka-sasl-user.txt \ ---from-file=basic.txt=./users/creds-control-center-users.txt \ ---from-file=ldap.txt=./users/ldap.txt \ ---from-file=mdsPublicKey.pem=./certs/mds-publickey.txt \ ---from-file=mdsTokenKeyPair.pem=./certs/mds-tokenkeypair.txt \ ---dry-run=client --output=yaml > ../../kustomize/base/secrets/credential.yaml - -kubectl create secret generic mds-token \ ---from-file=mdsPublicKey.pem=./certs/mds-publickey.txt \ ---from-file=mdsTokenKeyPair.pem=./certs/mds-tokenkeypair.txt \ ---dry-run=client --output=yaml > ../../kustomize/base/secrets/mds-token.yaml - -# Kafka RBAC credential -kubectl create secret generic mds-client \ ---from-file=bearer.txt=./users/bearer.txt \ ---dry-run=client --output=yaml > ../../kustomize/base/secrets/mds-client.yaml -# Control Center RBAC credential -kubectl create secret generic c3-mds-client \ ---from-file=bearer.txt=./users/c3-mds-client.txt \ ---from-file=basic.txt=./users/c3-mds-client.txt \ ---dry-run=client --output=yaml > ../../kustomize/base/secrets/c3-mds-client.yaml -# Connect RBAC credential -kubectl create secret generic connect-mds-client \ ---from-file=bearer.txt=./users/connect-mds-client.txt \ ---dry-run=client --output=yaml > ../../kustomize/base/secrets/connect-mds-client.yaml -# Schema Registry RBAC credential -kubectl create secret generic sr-mds-client \ ---from-file=bearer.txt=./users/sr-mds-client.txt \ ---dry-run=client --output=yaml > ../../kustomize/base/secrets/sr-mds-client.yaml -# ksqlDB RBAC credential -kubectl create secret generic ksqldb-mds-client \ ---from-file=bearer.txt=./users/ksqldb-mds-client.txt \ ---dry-run=client --output=yaml > 
../../kustomize/base/secrets/ksqldb-mds-client.yaml -# Kafka REST credential -kubectl create secret generic rest-credential \ ---from-file=bearer.txt=./users/bearer.txt \ ---from-file=basic.txt=./users/bearer.txt \ ---from-file=plain.txt=./users/bearer.txt \ ---dry-run=client --output=yaml > ../../kustomize/base/secrets/rest-credential.yaml - -# Confluent licensing -kubectl create secret generic confluent-operator-licensing \ ---from-file=license.txt=./licensing/license-key.txt \ ---from-file=publicKey.pem=./licensing/license-pem.txt \ ---dry-run=client --output=yaml > ../../kustomize/base/secrets/confluent-license.yaml \ No newline at end of file diff --git a/resources/application-secrets/users/bearer.txt b/resources/application-secrets/users/bearer.txt deleted file mode 100644 index eb2fc71..0000000 --- a/resources/application-secrets/users/bearer.txt +++ /dev/null @@ -1,2 +0,0 @@ -username=kafka -password=kafka-secret diff --git a/resources/application-secrets/users/c3-mds-client.txt b/resources/application-secrets/users/c3-mds-client.txt deleted file mode 100644 index 5a28076..0000000 --- a/resources/application-secrets/users/c3-mds-client.txt +++ /dev/null @@ -1,2 +0,0 @@ -username=c3 -password=c3-secret diff --git a/resources/application-secrets/users/connect-mds-client.txt b/resources/application-secrets/users/connect-mds-client.txt deleted file mode 100644 index ce4c7e7..0000000 --- a/resources/application-secrets/users/connect-mds-client.txt +++ /dev/null @@ -1,2 +0,0 @@ -username=connect -password=connect-secret diff --git a/resources/application-secrets/users/creds-client-kafka-sasl-user.txt b/resources/application-secrets/users/creds-client-kafka-sasl-user.txt deleted file mode 100644 index eb2fc71..0000000 --- a/resources/application-secrets/users/creds-client-kafka-sasl-user.txt +++ /dev/null @@ -1,2 +0,0 @@ -username=kafka -password=kafka-secret 
diff --git a/resources/application-secrets/users/creds-control-center-users.txt b/resources/application-secrets/users/creds-control-center-users.txt deleted file mode 100644 index 846ac30..0000000 --- a/resources/application-secrets/users/creds-control-center-users.txt +++ /dev/null @@ -1,3 +0,0 @@ -c3: c3-secret,Administrators -admin: Developer1,Administrators -admin1: Developer1,Administrators diff --git a/resources/application-secrets/users/creds-kafka-sasl-users.json b/resources/application-secrets/users/creds-kafka-sasl-users.json deleted file mode 100644 index d4537b7..0000000 --- a/resources/application-secrets/users/creds-kafka-sasl-users.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "kafka_client": "kafka_client-secret", - "c3": "c3-secret", - "kafka": "kafka-secret" -} \ No newline at end of file diff --git a/resources/application-secrets/users/creds-kafka-zookeeper-credentials.txt b/resources/application-secrets/users/creds-kafka-zookeeper-credentials.txt deleted file mode 100644 index 94e3cde..0000000 --- a/resources/application-secrets/users/creds-kafka-zookeeper-credentials.txt +++ /dev/null @@ -1,2 +0,0 @@ -username="kafka" -password="kafka-secret" \ No newline at end of file diff --git a/resources/application-secrets/users/creds-zookeeper-sasl-digest-users.json b/resources/application-secrets/users/creds-zookeeper-sasl-digest-users.json deleted file mode 100644 index 1df68af..0000000 --- a/resources/application-secrets/users/creds-zookeeper-sasl-digest-users.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "kafka": "kafka-secret" -} diff --git a/resources/application-secrets/users/ksqldb-mds-client.txt b/resources/application-secrets/users/ksqldb-mds-client.txt deleted file mode 100644 index 9e1f256..0000000 --- a/resources/application-secrets/users/ksqldb-mds-client.txt +++ /dev/null @@ -1,2 +0,0 @@ -username=ksql -password=ksql-secret 
diff --git a/resources/application-secrets/users/ldap.txt b/resources/application-secrets/users/ldap.txt deleted file mode 100644 index dfa92e7..0000000 --- a/resources/application-secrets/users/ldap.txt +++ /dev/null @@ -1,2 +0,0 @@ -username=cn=mds,dc=test,dc=com -password=Developer! diff --git a/resources/application-secrets/users/sr-mds-client.txt b/resources/application-secrets/users/sr-mds-client.txt deleted file mode 100644 index 854f639..0000000 --- a/resources/application-secrets/users/sr-mds-client.txt +++ /dev/null @@ -1,2 +0,0 @@ -username=sr -password=sr-secret diff --git a/resources/certificates/base-ca-config.json b/resources/certificates/base-ca-config.json deleted file mode 100644 index 9c9f5ac..0000000 --- a/resources/certificates/base-ca-config.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "signing": { - "default": { - "expiry": "43800h" - }, - "profiles": { - "server": { - "expiry": "43800h", - "usages": [ - "signing", - "key encipherment", - "server auth", - "client auth" - ] - }, - "client": { - "expiry": "43800h", - "usages": [ - "signing", - "key encipherment", - "client auth" - ] - } - } - } -} diff --git a/resources/certificates/base-ca-csr.json b/resources/certificates/base-ca-csr.json deleted file mode 100644 index d1eec56..0000000 --- a/resources/certificates/base-ca-csr.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "CN": "TestCA", - "key": { - "algo": "rsa", - "size": 2048 - }, - "names": [ - { - "C": "Universe", - "L": "Earth", - "O": "Acme", - "ST": "Pangea", - "OU": "MyOrg" - } - ] -} diff --git a/resources/certificates/base-server-domain.json b/resources/certificates/base-server-domain.json deleted file mode 100644 index b804d2f..0000000 --- a/resources/certificates/base-server-domain.json +++ /dev/null 
@@ -1,19 +0,0 @@ -{ - "CN": "*.svc.cluster.local", - "hosts": [ - "*.production.svc.cluster.local", - "*.zookeeper.production.svc.cluster.local", - "*.kafka.production.svc.cluster.local" - ], - "key": { - "algo": "rsa", - "size": 2048 - }, - "names": [ - { - "C": "Universe", - "ST": "Pangea", - "L": "Earth" - } - ] -} diff --git a/resources/certificates/generate_certificate.sh b/resources/certificates/generate_certificate.sh deleted file mode 100755 index ef5ccaf..0000000 --- a/resources/certificates/generate_certificate.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -cfssl gencert -initca base-ca-csr.json | cfssljson -bare ./sensitive-ca - -# Verify with this: -#openssl x509 -in sensitive-ca.pem -text -noout -cfssl gencert -ca=./sensitive-ca.pem -ca-key=./sensitive-ca-key.pem -config=./base-ca-config.json -profile=server base-server-domain.json | cfssljson -bare sensitive-server -# Verify with this: -#openssl x509 -in sensitive-server.pem -text -noout - -kubectl create namespace production -kubectl create namespace dev -kubectl create secret -n production generic tls-group1 \ - --dry-run=client \ - --from-file=fullchain.pem=./sensitive-server.pem \ - --from-file=cacerts.pem=./sensitive-ca.pem \ - --from-file=privkey.pem=./sensitive-server-key.pem -o yaml | kubectl apply -f - -kubectl create secret -n production tls ca-pair-sslcerts \ ---dry-run=client \ ---cert=sensitive-ca.pem \ ---key=sensitive-ca-key.pem -o yaml | kubectl apply -f - -kubectl create secret -n dev tls ca-pair-sslcerts \ ---dry-run=client \ ---cert=./sensitive-ca.pem \ ---key=./sensitive-ca-key.pem -o yaml | kubectl apply -f - - -md5sum sensitive-ca.pem -md5sum sensitive-server.pem \ No newline at end of file diff --git a/resources/certificates/replace_certificate.sh b/resources/certificates/replace_certificate.sh deleted file mode 100755 index 8e1a0fd..0000000 --- a/resources/certificates/replace_certificate.sh +++ /dev/null 
@@ -1,25 +0,0 @@ -#!/bin/bash -cfssl gencert -initca base-ca-csr.json | cfssljson -bare ./sensitive-ca - -# Verify with this: -#openssl x509 -in sensitive-ca.pem -text -noout -cfssl gencert -ca=./sensitive-ca.pem -ca-key=./sensitive-ca-key.pem -config=./base-ca-config.json -profile=server base-server-domain.json | cfssljson -bare sensitive-server -# Verify with this: -#openssl x509 -in sensitive-server.pem -text -noout - -kubectl create secret -n production generic tls-group1 \ - --dry-run=client \ - --from-file=fullchain.pem=./sensitive-server.pem \ - --from-file=cacerts.pem=./sensitive-ca.pem \ - --from-file=privkey.pem=./sensitive-server-key.pem -o yaml | kubectl replace -f - -kubectl create secret -n production tls ca-pair-sslcerts \ ---dry-run=client \ ---cert=sensitive-ca.pem \ ---key=sensitive-ca-key.pem -o yaml | kubectl replace -f - - -kubectl create secret -n dev tls ca-pair-sslcerts \ ---dry-run=client \ ---cert=./sensitive-ca.pem \ ---key=./sensitive-ca-key.pem -o yaml | kubectl replace -f - - -md5sum sensitive-ca.pem -md5sum sensitive-server.pem \ No newline at end of file diff --git a/resources/git/git_repo.sh b/resources/git/git_repo.sh deleted file mode 100755 index fa0c801..0000000 --- a/resources/git/git_repo.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -kubectl create ns flux-system && -kubectl create secret -n flux-system generic flux-system \ ---from-file=identity=./identity \ ---from-file=identity.pub=./identity.pub \ ---from-file=known_hosts=./known_hosts \ No newline at end of file diff --git a/tldr.sh b/tldr.sh deleted file mode 100755 index 15eb8c7..0000000 --- a/tldr.sh +++ /dev/null 
@@ -1,46 +0,0 @@ -#!/bin/bash -flux bootstrap github \ ---owner=${GITHUB_USER} \ ---repository=${GITHUB_REPO} \ ---path=clusters/production \ ---branch=develop \ ---personal -sleep 10 -echo "Sleeping for 10 seconds to ensure namespace is created" -kubectl create secret -n confluent docker-registry confluent-registry \ ---docker-server=confluent-docker-internal-early-access-operator-2.jfrog.io \ ---docker-username=$USER \ ---docker-password=$APIKEY \ ---docker-email=$EMAIL && \ -kubectl create secret -n flux-system generic https-credentials \ ---from-literal=username=$USER \ ---from-literal=password=$APIKEY -kubectl create secret -n confluent generic credential \ ---from-file=plain-users.json=./resources/users/creds-kafka-sasl-users.json \ ---from-file=digest-users.json=./resources/users/creds-zookeeper-sasl-digest-users.json \ ---from-file=digest.txt=./resources/users/creds-kafka-zookeeper-credentials.txt \ ---from-file=plain.txt=./resources/users/creds-client-kafka-sasl-user.txt \ ---from-file=basic.txt=./resources/users/creds-control-center-users.txt \ ---from-file=ldap.txt=./resources/users/ldap.txt -kubectl create secret -n confluent generic mds-token \ ---from-file=mdsPublicKey.pem=./resources/certs/mds-publickey.txt \ ---from-file=mdsTokenKeyPair.pem=./resources/certs/mds-tokenkeypair.txt -# Kafka RBAC credential -kubectl create secret -n confluent generic mds-client \ ---from-file=bearer.txt=./resources/users/bearer.txt -# Control Center RBAC credential -kubectl create secret -n confluent generic c3-mds-client \ ---from-file=bearer.txt=./resources/users/c3-mds-client.txt -# Connect RBAC credential -kubectl create secret -n confluent generic connect-mds-client \ ---from-file=bearer.txt=./resources/users/connect-mds-client.txt -# Schema Registry RBAC credential -kubectl create secret -n confluent generic sr-mds-client \ ---from-file=bearer.txt=./resources/users/sr-mds-client.txt -# ksqlDB RBAC credential -kubectl create secret -n confluent generic 
ksqldb-mds-client \ ---from-file=bearer.txt=./resources/users/ksqldb-mds-client.txt -# Kafka REST credential -kubectl create secret -n confluent generic rest-credential \ ---from-file=bearer.txt=./resources/users/bearer.txt \ ---from-file=basic.txt=./resources/users/bearer.txt \ No newline at end of file From e40b9243e745d366d7555c3c5873f24dc9c1875f Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Thu, 1 Jul 2021 16:41:20 +0100 Subject: [PATCH 10/11] Adusting description in README reagarding the flux directory --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0892116..325f14c 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ You may find this project helpful by simply referencing the documentation, code, The Git repository contains the following top directories: -- **flux-system** dir contains the required flux +- **flux-system** dir contains the required kubernetes resources for flux to operate - **kustomize/base** dir contains the base definition of the confluent stack. - **kustomize/environments** dir containing an example environment, folders could be copied to create additional environments. Files within are 'patches' which are layered on top of the definitions found in kustomize/base - **kustomize/operator** dir the helm chart definition for confluent-for-kubernetes (CFK). From 2c568ab14730b58d0296dbcc0dc580386d702546 Mon Sep 17 00:00:00 2001 From: Andrew McCully Date: Fri, 2 Jul 2021 09:14:26 +0100 Subject: [PATCH 11/11] updating branch watch of flux sync --- flux-system/gotk-sync.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flux-system/gotk-sync.yaml b/flux-system/gotk-sync.yaml index 589f197..0547bdf 100644 --- a/flux-system/gotk-sync.yaml +++ b/flux-system/gotk-sync.yaml @@ -7,7 +7,7 @@ metadata: spec: interval: 1m0s ref: - branch: develop + branch: main url: https://github.com/osodevops/kafka-gitops.git --- apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
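Review bot: In kustomize/operator/confluent-operator-helm-release-confluent.yaml, `chart.spec` names `chart: confluent-for-kubernetes` without a `version`, and the new `HelmRepository` polls `https://packages.confluent.io/helm` at `interval: 1m`, so the next chart version published upstream is rolled out without any commit to this repository. Pin a version or a bounded semver range under `chart.spec`. The same hunk removes `namespaced: true` and `namespaceList` and moves the release to `namespace: sandbox`; please document which namespaces the operator is now expected to manage, since namespaces.yaml also creates `confluent`.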
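Review bot: Deleting resources/application-secrets/certs/mds-tokenkeypair.txt does not retire the RSA private key it held, because the full key is in this diff and stays in the branch history. Treat the MDS token key pair as disclosed, generate a replacement outside the repository, and record that in the commit message. The same applies to the passwords in the files under resources/application-secrets/users/ that this commit removes.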
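Review bot: The removed populate_secrets.sh wrote its output with `--dry-run=client --output=yaml > ../../kustomize/base/secrets/credential.yaml`, which produces plain Secret manifests whose values are only base64-encoded. With the script gone, check whether the generated files under kustomize/base/secrets/ are still committed. If they are, they carry the same passwords and MDS key and should be removed or replaced with an encrypted form (for example SOPS or Sealed Secrets), and the README needs a note on how these secrets are created now.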
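Review bot: In the README.md hunk of patch 10/11, the new bullet `- **flux-system** dir contains the required kubernetes resources for flux to operate` writes the proper nouns in lower case and has no closing full stop, unlike the `kustomize/base` bullet directly below it. Suggest `Kubernetes resources for Flux to operate.` so the list reads consistently.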
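Review bot: In flux-system/gotk-sync.yaml the source now tracks `branch: main` with `interval: 1m0s`, so every commit that lands on `main` is applied to the cluster within about a minute. Confirm that `main` is protected (required review, no direct pushes) before merging. Also bring any bootstrap instructions in line with this change: tldr.sh, removed earlier in this series, ran `flux bootstrap github` with `--branch=develop`, and a bootstrap run with that value would point the sync back at `develop`.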